Cisco Cisco Web Security Appliance S170 Guía Del Usuario
19-10
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 19 Configuring Security Services
Configuring Web Reputation and Anti-Malware in Policies
Step 4
Submit and commit your changes.
Configuring Web Reputation and Anti-Malware in Policies
When Web Reputation and Anti-Malware Filters are enabled on the appliance, you can configure
different settings in policy groups.
different settings in policy groups.
You can enable monitoring or blocking for malware categories based on malware scanning verdicts. You
can configure anti-malware settings in the following policy groups:
can configure anti-malware settings in the following policy groups:
•
Access Policies. The settings you can configure vary depending on whether or not Adaptive
Scanning is enabled. For more information, see
Scanning is enabled. For more information, see
•
Outbound Malware Scanning Policies. For more information on configuring anti-malware settings
in Outbound Malware Scanning Policies, see
in Outbound Malware Scanning Policies, see
You can configure web reputation settings in the following policy groups:
•
Access Policies. The settings you can configure vary depending on whether or not Adaptive
Scanning is enabled. For more information, see
Scanning is enabled. For more information, see
•
Decryption Policies. For more information, see
McAfee
Choose whether or not to enable the McAfee scanning engine.
When you enable the McAfee scanning engine, you can choose whether or not
to enable heuristic scanning. For more information about heuristic scanning,
see
to enable heuristic scanning. For more information about heuristic scanning,
see
.
Note: Heuristic analysis increases security protection, but can result in false
positives and decreased performance.
positives and decreased performance.
Webroot
Choose whether or not to enable the Webroot scanning engine.
When you enable the Webroot scanning engine, you can configure the Threat
Risk Threshold (TRT). The TRT assigns a numerical value to the probability
that malware exists.
Risk Threshold (TRT). The TRT assigns a numerical value to the probability
that malware exists.
Proprietary algorithms evaluate the result of a URL matching sequence and
assign a Threat Risk Rating (TRR). This value is associated with the threat risk
threshold setting. If the TRR value is greater than or equal to the TRT, the URL
is considered malware and is passed on for further processing.
assign a Threat Risk Rating (TRR). This value is associated with the threat risk
threshold setting. If the TRR value is greater than or equal to the TRT, the URL
is considered malware and is passed on for further processing.
Note: Setting the Threat Risk Threshold to a value lower than 90 dramatically
increases the rate of URL blocking and denies legitimate requests. Cisco
strongly recommends maintaining the TRT default value of 90. The minimum
value for a TRT setting is 51.
increases the rate of URL blocking and denies legitimate requests. Cisco
strongly recommends maintaining the TRT default value of 90. The minimum
value for a TRT setting is 51.
Table 19-5
Web Reputation and Anti-Malware Filter Settings (continued)
Setting
Description