Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 19      Configuring Security Services
McAfee Categories
Table 19-4 lists the McAfee verdicts and how they correspond to malware scanning verdict categories. 
For a list of malware scanning verdicts, see 
Sophos Scanning
The Sophos scanning engine inspects objects downloaded from a web server in HTTP responses. After 
inspecting the object, it passes a malware scanning verdict to the DVS engine so the DVS engine can 
determine whether to monitor or block the request. You might want to enable the Sophos scanning engine 
instead of the McAfee scanning engine if the client machines have McAfee anti-malware software 
installed.
For more information about how the DVS engine uses malware scanning verdicts to handle web traffic, 
see 
.
Understanding Adaptive Scanning
Adaptive Scanning is a logic layer that associates web reputation with the content type and decides, based 
on the current threat profile, which anti-malware scanning engine will process the web request.
Adaptive Scanning improves efficacy by identifying high-risk content and automatically selecting the 
best combination of available anti-malware services. Content which is identified as known malware can 
be automatically blocked. Adaptive Scanning applies the “Outbreak Heuristics” anti-malware category 
to transactions it identifies as malware prior to running any scanning engines. You can choose whether 
or not to block these transactions when you configure anti-malware settings on the appliance.
Enabling Adaptive Scanning increases efficacy for filtering out malware, but causes a slight decrease in 
appliance performance.
To use Adaptive Scanning, you must enable Web Reputation Filters. 
When Adaptive Scanning is enabled, the web reputation and anti-malware settings you can configure in 
Access Policies are slightly different:
Table 19-4    Appliance Categories for McAfee Verdicts

McAfee Verdict                          Malware Scanning Verdict Category
--------------------------------------  ---------------------------------
Known Virus                             Virus
Trojan                                  Trojan Horse
Joke File                               Adware
Test File                               Virus
Wannabe                                 Virus
Killed                                  Virus
Commercial Application                  Commercial System Monitor
Potentially Unwanted Object             Adware
Potentially Unwanted Software Package   Adware
Encrypted File                          Encrypted File