Cisco Cisco Web Security Appliance S160 Guía Del Usuario
14-6
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 7
Adjust the following Advanced Settings as needed:
Note
Do not change any other settings in this section without guidance from Cisco support.
Step 8
Submit and commit your changes.
Configuring File Reputation and Analysis Service Action Per Access Policy
Procedure
Step 1
Select Web Security Manager > Access Policies.
Step 2
Click the link in the Anti-Malware and Reputation column for a policy in the table.
Step 3
In the Advanced Malware Protection Settings section, select Enable File Reputation Filtering and
File Analysis.
File Analysis.
If File Analysis is not enabled globally, only File Reputation Filtering is offered.
Step 4
Select an action for Known Malicious and High-Risk Files: Monitor or Block.
The default is Monitor.
Step 5
Submit and commit your changes.
Ensuring That You Receive Alerts About Advanced Malware Protection Issues
Ensure that the appliance is configured to send you alerts related to Advanced Malware Protection.
Option
Description
Routing Table
The routing table (associated with an appliance network
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
interface type, either Management or Data) to be used for
Advanced Malware Protection services. If the appliance
has both the Management interface and one or more Data
interfaces enabled, you can select Management or Data.
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.
instead of the default port, 32137.
This option also allows you to configure an upstream proxy
for communication with the file reputation service.
for communication with the file reputation service.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
Reputation Threshold
•
Use value from Cloud Service
•
Enter custom value
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.