Cisco Cisco Web Security Appliance S170 사용자 가이드
20-37
Cisco AsyncOS for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Log File Fields and Tags
Related Topics
•
.
•
.
Malware Scanning Verdict Values
A malware scanning verdict is a value assigned to a URL request or server response that determines the
probability that it contains malware. The Webroot, McAfee, and Sophos scanning engines return the
malware scanning verdict to the DVS engine so the DVS engine can determine whether to monitor or
block the scanned object. Each malware scanning verdict corresponds to a malware category listed on
the Access Policies > Reputation and Anti-Malware Settings page when you edit the anti-malware
settings for a particular Access Policy.
probability that it contains malware. The Webroot, McAfee, and Sophos scanning engines return the
malware scanning verdict to the DVS engine so the DVS engine can determine whether to monitor or
block the scanned object. Each malware scanning verdict corresponds to a malware category listed on
the Access Policies > Reputation and Anti-Malware Settings page when you edit the anti-malware
settings for a particular Access Policy.
The following lists the different Malware Scanning Verdict Values and each malware category with
which they correspond:
which they correspond:
MONITOR_WBRS
The Web Proxy monitored the transaction based on the Web
Reputation filter settings for the Access Policy group.
Reputation filter settings for the Access Policy group.
NO_AUTHORIZATION
The Web Proxy did not allow the user access to the
application because the user was already authenticated
against an authentication realm, but not against any
authentication realm configured in the Application
Authentication Policy.
application because the user was already authenticated
against an authentication realm, but not against any
authentication realm configured in the Application
Authentication Policy.
NO_PASSWORD
The user failed authentication.
PASSTHRU_ADMIN
The Web Proxy passed through the transaction based on
some default settings for the Decryption Policy group.
some default settings for the Decryption Policy group.
PASSTHRU_WEBCAT
The Web Proxy passed through the transaction based on
URL category filtering settings for the Decryption Policy
group.
URL category filtering settings for the Decryption Policy
group.
PASSTHRU_WBRS
The Web Proxy passed through the transaction based on the
Web Reputation filter settings for the Decryption Policy
group.
Web Reputation filter settings for the Decryption Policy
group.
REDIRECT_CUSTOMCAT
The Web Proxy redirected the transaction to a different
URL based on a custom URL category in the Access Policy
group configured to “Redirect.”
URL based on a custom URL category in the Access Policy
group configured to “Redirect.”
SAAS_AUTH
The Web Proxy allowed the user access to the application
because the user was authenticated transparently against the
authentication realm configured in the Application
Authentication Policy.
because the user was authenticated transparently against the
authentication realm configured in the Application
Authentication Policy.
OTHER
The Web Proxy did not complete the request due to an error,
such as an authorization failure, server disconnect, or an
abort from the client.
such as an authorization failure, server disconnect, or an
abort from the client.
ACL Decision Tag
Description
Malware Scanning Verdict Value
Malware Category
-
Not Set
0 Unknown