Cisco Web Security Appliance S370 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 19 Configuring Security Services
Web Reputation in Decryption Policies
Table 19-2 describes the default Web Reputation Scores for Decryption Policies.
Web Reputation in Cisco IronPort Data Security Policies
Table 19-3 describes the default Web Reputation Scores for Cisco IronPort Data Security.
Anti-Malware Scanning Overview
The Web Security appliance anti-malware feature is a security component that uses the Cisco IronPort
DVS™ engine in combination with multiple anti-malware scanning engines integrated on the appliance
to identify and stop web-based malware threats, including zero-day threats. The DVS engine works with
the Webroot™, McAfee, and Sophos anti-malware scanning engines.
For more information about the DVS engine, see
To use the anti-malware component of the appliance, you must first enable anti-malware scanning and
configure global settings, and then apply specific settings to different policies. For more information,
see
and
.
Cisco IronPort DVS™ (Dynamic Vectoring and Streaming) Engine
The Cisco IronPort Dynamic Vectoring and Streaming (DVS) engine inspects web traffic to provide
protection against the widest variety of web-based malware ranging from commercially invasive adware
applications, to malicious trojans, system monitors, and phishing attacks.
Table 19-2 Default Web Reputation Scores for Decryption Policies

| Score | Action | Description |
|---|---|---|
| -10 to -9.0 | Drop | Bad site. The request is dropped with no notice sent to the end user. Use this setting with caution. |
| -8.9 to 5.9 | Decrypt | Undetermined site. Request is allowed, but the connection is decrypted and Access Policies are applied to the decrypted traffic. For more information about how the appliance decrypts HTTPS traffic, see . |
| 6.0 to 10.0 | Pass through | Good site. Request is passed through with no inspection or decryption. |
Table 19-3 Default Web Reputation Scores for Cisco IronPort Data Security Policies

| Score | Action | Description |
|---|---|---|
| -10 to -6.0 | Block | Bad site. The transaction is blocked, and no further scanning occurs. |
| -5.9 to 0.0 | Monitor | The transaction will not be blocked based on Web Reputation, and will proceed to content checks (file type and size). |

Note: Sites with no score are monitored.