Cisco Cisco Web Security Appliance S670 User Guide
Chapter 11 Outbound Malware Scanning
Outbound Malware Scanning Overview
11-2
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
The IronPort Dynamic Vectoring and Streaming (DVS) engine scans transaction
requests as they leave the network in real time. By working with the IronPort DVS
engine, the Web Security appliance enables you to prevent users from
unintentionally uploading malicious data.
requests as they leave the network in real time. By working with the IronPort DVS
engine, the Web Security appliance enables you to prevent users from
unintentionally uploading malicious data.
To prevent malicious data from leaving the network, the Web Security appliance
provides the Outbound Malware Scanning policy groups. You define which
uploads are scanned for malware, which anti-malware scanning engines to use for
scanning, and which malware types to block.
provides the Outbound Malware Scanning policy groups. You define which
uploads are scanned for malware, which anti-malware scanning engines to use for
scanning, and which malware types to block.
For more information on anti-malware scanning, see
.
User Experience with Blocked Requests
When the IronPort DVS engine blocks an upload request, the Web Proxy sends a
block page to the end user. However, not all websites display the block page to the
end user. For example, some Web 2.0 websites display dynamic content using
javascript instead of a static webpage and are not likely to display the block page.
Users are still properly blocked from uploading malicious data, but they may not
always be informed of this by the website.
block page to the end user. However, not all websites display the block page to the
end user. For example, some Web 2.0 websites display dynamic content using
javascript instead of a static webpage and are not likely to display the block page.
Users are still properly blocked from uploading malicious data, but they may not
always be informed of this by the website.
Outbound Malware Scanning Policy Groups
Outbound Malware Scanning Policies define whether or not the Web Proxy blocks
HTTP requests and decrypted HTTPS connections for transactions that upload
data to a server (upload requests). An upload request is an HTTP or decrypted
HTTPS request that has content in the request body.
HTTP requests and decrypted HTTPS connections for transactions that upload
data to a server (upload requests). An upload request is an HTTP or decrypted
HTTPS request that has content in the request body.
When the Web Proxy receives an upload request, it compares the request to the
Outbound Malware Scanning policy groups to determine which policy group to
apply. After it assigns the request to a policy group, it compares the request to the
policy group’s configured control settings to determine whether to block the
request or monitor the request. When an Outbound Malware Scanning Policy
determines to monitor a request, it is evaluated against the Access Policies, and
the final action the Web Proxy takes on the request is determined by the applicable
Access Policy.
Outbound Malware Scanning policy groups to determine which policy group to
apply. After it assigns the request to a policy group, it compares the request to the
policy group’s configured control settings to determine whether to block the
request or monitor the request. When an Outbound Malware Scanning Policy
determines to monitor a request, it is evaluated against the Access Policies, and
the final action the Web Proxy takes on the request is determined by the applicable
Access Policy.