Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
5-21
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Client Malware Risk Report
The Web > Reporting > Client Malware Risk page is a security-related reporting page that can be used
to monitor client malware risk activity.
to monitor client malware risk activity.
From the Client Malware Risk page, a system administrator can see which of their users are encountering
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user doing on the web that makes them run into so many blocks or
warnings and setting off more detections than the rest of the users on the network.
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user doing on the web that makes them run into so many blocks or
warnings and setting off more detections than the rest of the users on the network.
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server and should be disinfected.
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server and should be disinfected.
Other Malware
This category is used to catch all other malware and suspicious behavior that
does not exactly fit in one of the other defined categories.
does not exactly fit in one of the other defined categories.
Outbreak Heuristics
This category represents malware found by Adaptive Scanning independently
of the other anti-malware engines.
of the other anti-malware engines.
Phishing URL
A phishing URL is displayed in the browser address bar. In some cases, it
involves the use of domain names and resembles those of legitimate domains.
Phishing is a form of online identity theft that employs both social engineering
and technical subterfuge to steal personal identity data and financial account
credentials.
involves the use of domain names and resembles those of legitimate domains.
Phishing is a form of online identity theft that employs both social engineering
and technical subterfuge to steal personal identity data and financial account
credentials.
PUA
Potentially Unwanted Application. A PUA is an application that is not
malicious, but which may be considered to be undesirable.
malicious, but which may be considered to be undesirable.
System Monitor
A system monitor encompasses any software that performs one of the following
actions:
actions:
Overtly or covertly records system processes and/or user action.
Makes those records available for retrieval and review at a later time.
Trojan Downloader
A trojan downloader is a Trojan that, after installation, contacts a remote
host/site and installs packages or affiliates from the remote host. These
installations usually occur without the user’s knowledge. Additionally, a Trojan
Downloader’s payload may differ from installation to installation since it
obtains downloading instructions from the remote host/site.
host/site and installs packages or affiliates from the remote host. These
installations usually occur without the user’s knowledge. Additionally, a Trojan
Downloader’s payload may differ from installation to installation since it
obtains downloading instructions from the remote host/site.
Trojan Horse
A trojan horse is a destructive program that masquerades as a benign
application. Unlike viruses, Trojan horses do not replicate themselves.
application. Unlike viruses, Trojan horses do not replicate themselves.
Trojan Phisher
A trojan phisher may sit on an infected computer waiting for a specific web
page to be visited or may scan the infected machine looking for user names and
passwords for bank sites, auction sites, or online payment sites.
page to be visited or may scan the infected machine looking for user names and
passwords for bank sites, auction sites, or online payment sites.
Virus
A virus is a program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes.
your knowledge and runs against your wishes.
Worm
A worm is program or algorithm that replicates itself over a computer network
and usually performs malicious actions.
and usually performs malicious actions.
Malware Type
Description