Cisco Web Security Appliance S190 User Guide
UNDERSTANDING WEB REPUTATION AND ANTI-MALWARE INFORMATION
CHAPTER 20: LOGGING
Web Reputation Filters Example
In the following example, the URL request was allowed because the URL’s Web Reputation score was high enough to qualify to be allowed without being scanned for malware.

172.xx.xx.xx TCP_MISS/302 656 GET http://my.website.com/ - DIRECT/my.website.com text/plain ALLOW_WBRS-MyAccessPolicy-MyIdentity-NONE-NONE-DefaultRouting <CTGY,6.0,-,-,-,-,-,-,-,-,-,-,-,0,0,CTGY,->

In this example, “6.0” is the Web Reputation score. The hyphen “-” values indicate the request was not forwarded to the DVS engine for anti-malware scanning. The ACL decision tag “ALLOW_WBRS” indicates that the request was allowed, and therefore not forwarded for anti-malware scanning, based on this Web Reputation score.

Anti-Malware Request Example
In the following example, the Webroot scanning engine scanned the URL request and assigned a malware scanning verdict based on the URL request. Webroot is the only scanning engine that scans a URL request. For more information about Webroot scanning, see “Webroot Scanning” on page 325.

1160078708.895 199 172.xx.xx.xx TCP_DENIED/403 1996 GET http://www.website.com/path/ - NONE/- - BLOCK_AMW_REQ-MyAccessPolicy-MyIdentity-NONE-NONE-DefaultRouting <nc,ns,10,"Malware",100,-,-,-,-,-,-,-,-,0,0,nc,->

In this example, the “nc” stands for “no category” because AsyncOS did not match the URL request to a matching category. The “ns” stands for “no score” because AsyncOS did not find any Web Reputation information about this URL request. Because it did not find any Web Reputation information about the URL, it passed the request to the DVS engine for anti-malware scanning.

Table 20-8 Access Log File Entry — Web Reputation and Anti-Malware Information (Continued)

| Field Value Example 1 | Field Value Example 2 | Description |
| --- | --- | --- |
| - | IW_adv | The URL category verdict determined during response-side scanning, abbreviated. Applies to the Cisco IronPort Web Usage Controls URL filtering engine only. Only applies when the Dynamic Content Analysis engine is enabled and when no category is assigned at request time (a value of “nc” is listed in the request-side scanning verdict). For a list of URL category abbreviations, see “URL Category Descriptions” on page 293. |
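As an added example (not taken from the Cisco guide), the following Python code parses the ACL decision tag and the angle-bracketed verdict block of the two access log entries above and reports whether a request was allowed on its Web Reputation score without anti-malware scanning. The function names, and the treatment of positions 3 to 13 of the block as the anti-malware fields, are assumptions drawn from those two entries.

```python
import csv
import re

# Constructed sample input: the two access log entries shown on this page,
# each joined back onto one line.
SAMPLE_LOG = [
    '172.xx.xx.xx TCP_MISS/302 656 GET http://my.website.com/ - DIRECT/my.website.com '
    'text/plain ALLOW_WBRS-MyAccessPolicy-MyIdentity-NONE-NONE-DefaultRouting '
    '<CTGY,6.0,-,-,-,-,-,-,-,-,-,-,-,0,0,CTGY,->',
    '1160078708.895 199 172.xx.xx.xx TCP_DENIED/403 1996 GET http://www.website.com/path/ '
    '- NONE/- - BLOCK_AMW_REQ-MyAccessPolicy-MyIdentity-NONE-NONE-DefaultRouting '
    '<nc,ns,10,"Malware",100,-,-,-,-,-,-,-,-,0,0,nc,->',
]

# Last two tokens of an entry: the ACL decision group, then the <...> verdict block.
TAIL_RE = re.compile(r'(?P<acl>\S+) <(?P<block>[^<>]*)>\s*$')

def parse_entry(line):
    """Return decision tag, category, reputation score and scan status for one entry."""
    m = TAIL_RE.search(line)
    if m is None:
        raise ValueError("no ACL decision group and <...> block at end of line")
    # csv handles quoted values such as "Malware", including embedded commas.
    fields = next(csv.reader([m.group("block")]), [])
    if len(fields) < 13:
        raise ValueError("verdict block shorter than expected")
    category, score = fields[0], fields[1]
    # Assumption: positions 3-13 carry the anti-malware (DVS) results, so an
    # entry is "scanned" when any of them is something other than a hyphen.
    scan_values = [f for f in fields[2:13] if f != "-"]
    return {
        "decision": m.group("acl").split("-", 1)[0],
        "category": None if category == "nc" else category,
        # "ns" means no score; a bare hyphen is treated the same way (assumption).
        "wbrs_score": None if score in ("ns", "-") else float(score),
        "scanned": bool(scan_values),
        "scan_values": scan_values,
    }

def allowed_without_scan(entry):
    """True when a request was allowed on reputation alone, as in the first example."""
    return entry["decision"] == "ALLOW_WBRS" and not entry["scanned"]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(parse_entry(line))
```

Counting the entries for which `allowed_without_scan` is true shows how much traffic reaches users on reputation score alone, without passing through the DVS engine.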