Cisco Cisco Web Security Appliance S680 Guía Del Usuario
12-7
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 12 Configuring Security Services
Understanding Adaptive Scanning
McAfee Categories
Sophos Scanning
The Sophos scanning engine inspects objects downloaded from a web server in HTTP responses. After
inspecting the object, it passes a malware scanning verdict to the DVS engine so the DVS engine can
determine whether to monitor or block the request. You might want to enable the Sophos scanning engine
instead of the McAfee scanning engine if McAfee anti-malware software is installed.
inspecting the object, it passes a malware scanning verdict to the DVS engine so the DVS engine can
determine whether to monitor or block the request. You might want to enable the Sophos scanning engine
instead of the McAfee scanning engine if McAfee anti-malware software is installed.
Understanding Adaptive Scanning
Adaptive Scanning decides which anti-malware scanning engine will process the web request. Adaptive
Scanning applies the ‘Outbreak Heuristics’ anti-malware category to transactions it identifies as
malware prior to running any scanning engines. You can choose whether or not to block these
transactions when you configure anti-malware settings on the appliance.
Scanning applies the ‘Outbreak Heuristics’ anti-malware category to transactions it identifies as
malware prior to running any scanning engines. You can choose whether or not to block these
transactions when you configure anti-malware settings on the appliance.
Adaptive Scanning and Access Policies
When Adaptive Scanning is enabled, settings that you can configure in Access Policies are slightly
different:
different:
•
You can enable or disable web reputation filtering in each Access Policy, but you cannot edit the
Web Reputation Scores.
Web Reputation Scores.
•
You can enable anti-malware scanning in each Access Policy, but you cannot choose which
anti-malware scanning engine to enable. Adaptive Scanning chooses the most appropriate engine for
each web request.
anti-malware scanning engine to enable. Adaptive Scanning chooses the most appropriate engine for
each web request.
Note
If Adaptive Scanning is not enabled and an Access Policy has particular web reputation and anti-malware
settings configured, and then Adaptive Scanning is enabled, any existing web reputation and
anti-malware settings are overridden.
settings configured, and then Adaptive Scanning is enabled, any existing web reputation and
anti-malware settings are overridden.
McAfee Verdict
Malware Scanning Verdict Category
Known Virus
Virus
Trojan
Trojan Horse
Joke File
Adware
Test File
Virus
Wannabe
Virus
Killed
Virus
Commercial Application
Commercial System Monitor
Potentially Unwanted Object
Adware
Potentially Unwanted Software Package
Adware
Encrypted File
Encrypted File