Cisco Web Security Appliance S380 User Guide
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 8 Configuring Security Services
Understanding Adaptive Scanning
Adaptive Scanning decides which anti-malware scanning engine (including Advanced Malware
Protection scanning for downloaded files) will process the web request. Adaptive Scanning applies the
‘Outbreak Heuristics’ anti-malware category to transactions it identifies as malware prior to running any
scanning engines. You can choose whether or not to block these transactions when you configure
anti-malware settings on the appliance.
Adaptive Scanning and Access Policies
When Adaptive Scanning is enabled, some anti-malware and reputation settings that you can configure
in Access Policies are slightly different:
• You can enable or disable web reputation filtering in each Access Policy, but you cannot edit the
Web Reputation Scores.
• You can enable anti-malware scanning in each Access Policy, but you cannot choose which
anti-malware scanning engine to enable. Adaptive Scanning chooses the most appropriate engine for
each web request.
Note
If Adaptive Scanning is not enabled and an Access Policy has particular web reputation and anti-malware
settings configured, and then Adaptive Scanning is enabled, any existing web reputation and
anti-malware settings are overridden.
Per-policy Advanced Malware Protection settings are the same whether or not Adaptive Scanning is
enabled.
Maintaining the Database Tables
The web reputation, Webroot, Sophos, and McAfee databases periodically receive updates from the
Cisco IronPort update server. Server updates are automated and the update interval is set by the server.
The Web Reputation Database
The Web Security appliance maintains a filtering database that contains statistics and information about
how different types of requests are handled. The appliance can also be configured to send web reputation
statistics to a Cisco SensorBase Network server. SensorBase server information is leveraged with data
feeds from the SensorBase Network and the information is used to produce a Web Reputation Score.
Logging of Web Reputation Filtering Activity and DVS Scanning
The access log file records the information returned by the Web Reputation Filters and the DVS engine
for each transaction. The scanning verdict information section in the access logs includes many fields to
help you understand the cause of the action applied to a transaction. For example, some fields display the
web reputation score or the malware scanning verdict Sophos passed to the DVS engine.