Cisco Cisco Web Security Appliance S170 사용자 가이드
20-14
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 20 Configuring Security Services
Configuring Web Reputation and Anti-Malware in Policies
Step 6
Configure the anti-malware settings for the policy as necessary.
describes the anti-malware
settings you can configure for Access Policies when Adaptive Scanning is disabled.
Step 7
Submit and commit your changes.
Configuring Web Reputation Scores
When you install and set up the Web Security appliance, it has default settings for Web Reputation
Scores. However, you can modify threshold settings for web reputation scoring to fit your organization’s
needs.
Scores. However, you can modify threshold settings for web reputation scoring to fit your organization’s
needs.
You configure the web reputation filter settings for each policy group.
Configuring Web Reputation for Access Policies
You can edit the web reputation score thresholds in Access Policies when Adaptive Scanning is disabled.
To edit the web reputation score thresholds for an Access Policy:
Step 1
Navigate to the Web Security Manager > Access Policies page.
Table 20-7
Anti-Malware Settings for Access Policies—Adaptive Scanning Disabled
Setting
Description
Enable Suspect User
Agent Scanning
Agent Scanning
Choose whether or not to enable the appliance to scan traffic based on the user
agent field specified in the HTTP request header.
agent field specified in the HTTP request header.
When you select this checkbox, you can choose to monitor or block suspect user
agents in the Additional Scanning section at the bottom of the page.
agents in the Additional Scanning section at the bottom of the page.
Enable Webroot
Choose whether or not to enable the appliance to use the Webroot scanning
engine when scanning traffic. When you enable Webroot scanning, you can
choose to monitor or block some additional categories in the Malware
categories on this page.
engine when scanning traffic. When you enable Webroot scanning, you can
choose to monitor or block some additional categories in the Malware
categories on this page.
Enable Sophos or
McAfee
McAfee
Choose whether or not to enable the appliance to use either the Sophos or
McAfee scanning engine when scanning traffic. When you enable Sophos or
McAfee scanning, you can choose to monitor or block some additional
categories in the Malware categories on this page.
McAfee scanning engine when scanning traffic. When you enable Sophos or
McAfee scanning, you can choose to monitor or block some additional
categories in the Malware categories on this page.
Malware Categories
Choose whether to monitor or block the various malware categories based on a
malware scanning verdict.
malware scanning verdict.
The categories listed in this section depend on which scanning engines you
enable above. For more information on each category, see
enable above. For more information on each category, see
Other Categories
Choose whether to monitor or block the types of objects and responses listed in
this section.
this section.
Note
URL transactions are categorized as unscannable when the configured
maximum time setting is reached or when the system experiences a
transient error condition. For example, transactions might be
categorized as unscannable during scanning engine updates or AsyncOS
upgrades. The malware scanning verdicts SV_TIMEOUT and
SV_ERROR, are considered unscannable transactions.
maximum time setting is reached or when the system experiences a
transient error condition. For example, transactions might be
categorized as unscannable during scanning engine updates or AsyncOS
upgrades. The malware scanning verdicts SV_TIMEOUT and
SV_ERROR, are considered unscannable transactions.