Cisco Cisco Web Security Appliance S170 Guía Del Usuario
320
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
A N T I - M A L WA R E O V E R V I E W
The Web Security appliance anti-malware feature is a security component that uses the
IronPort DVS™ engine in combination with the Webroot™ and McAfee technology to
identify and stop a broad range of web-based malware threats.
IronPort DVS™ engine in combination with the Webroot™ and McAfee technology to
identify and stop a broad range of web-based malware threats.
For more information about the DVS engine, see “IronPort DVS™ (Dynamic Vectoring and
Streaming) Engine” on page 322.
Streaming) Engine” on page 322.
To use the anti-malware component of the appliance, you must first configure global settings
and then apply specific settings to different policies. For more information about configuring
the appliance for anti-malware scanning, see “Configuring Anti-Malware Scanning” on
page 328.
and then apply specific settings to different policies. For more information about configuring
the appliance for anti-malware scanning, see “Configuring Anti-Malware Scanning” on
page 328.
You can also view the anti-malware scanning activity in reports and in the Web Security
Monitor. For more information, see “Viewing Anti-Malware Scanning Activity” on page 332.
Monitor. For more information, see “Viewing Anti-Malware Scanning Activity” on page 332.
Malware Category Descriptions
Table 15-1 describes the different categories of malware the Web Security appliance can
block.
block.
Table 15-1 Malware Category Descriptions
Malware Type
Description
Adware
Adware encompasses all software executables and plug-ins that direct
users towards products for sale. Some adware applications have separate
processes that run concurrently and monitor each other, ensuring that the
modifications are permanent. Some variants enable themselves to run
each time the machine is started. These programs may also change
security settings making it impossible for users to make changes to their
browser search options, desktop, and other system settings.
users towards products for sale. Some adware applications have separate
processes that run concurrently and monitor each other, ensuring that the
modifications are permanent. Some variants enable themselves to run
each time the machine is started. These programs may also change
security settings making it impossible for users to make changes to their
browser search options, desktop, and other system settings.
Browser Helper Object
A browser helper object is browser plug-in that may perform a variety of
functions related to serving advertisements or hijacking user settings.
functions related to serving advertisements or hijacking user settings.
Commercial System
Monitor
Monitor
A commercial system monitor is a piece of software with system monitor
characteristics that can be obtained with a legitimate license through
legal means.
characteristics that can be obtained with a legitimate license through
legal means.
Dialer
A dialer is a program that utilizes your modem or another type of Internet
access to connect you to a phone line or a site that causes you to accrue
long distance charges to which you did not provide your full, meaningful,
and informed consent.
access to connect you to a phone line or a site that causes you to accrue
long distance charges to which you did not provide your full, meaningful,
and informed consent.
Hijacker
A hijacker modifies system settings or any unwanted changes to a user’s
system that may direct them to a website or run a program without a
user’s full, meaningful, and informed consent.
system that may direct them to a website or run a program without a
user’s full, meaningful, and informed consent.