Cisco Cisco Web Security Appliance S670 Guia Do Utilizador
13-11
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 13 Configuring Security Services
Configuring Anti-Malware and Reputation in Policies
Step 7
Configure the anti-malware settings for the policy as necessary.
Step 8
Submit and Commit Changes.
Related Topics
•
Configuring Anti-Malware and Reputation Settings with Adaptive Scanning Disabled
Step 1
Choose Web Security Manager > Access Policies.
Step 2
Click the Anti-Malware and Reputation link for the Access Policy you want to configure.
Step 3
Under the Web Reputation and Anti-Malware Settings section, choose Define Web Reputation and
Anti-Malware Custom Settings.
Anti-Malware Custom Settings.
This allows you to configure web reputation and anti-malware settings for this Access Policy that differ
from the global policy.
from the global policy.
Step 4
Configure the settings in the Web Reputation Settings section.
Step 5
Configure the settings in the Advanced Malware Protection Settings section.
Step 6
Scroll down to the Cisco DVS Anti-Malware Settings section.
Step 7
Configure the anti-malware settings for the policy as necessary.
Setting
Description
Enable Suspect User
Agent Scanning
Agent Scanning
Choose whether or not to scan traffic based on the user agent field specified in
the HTTP request header.
the HTTP request header.
When you select this checkbox, you can choose to monitor or block suspect
user agents in the Additional Scanning section at the bottom of the page.
user agents in the Additional Scanning section at the bottom of the page.
Enable Anti-Malware
Scanning
Scanning
Choose whether or not to use the DVS engine to scan traffic for malware.
Adaptive Scanning chooses the most appropriate engine for each web request.
Adaptive Scanning chooses the most appropriate engine for each web request.
Malware Categories
Choose whether to monitor or block the various malware categories based on
a malware scanning verdict.
a malware scanning verdict.
Other Categories
Choose whether to monitor or block the types of objects and responses listed
in this section.
in this section.
Note
The category Outbreak Heuristics applies to transactions which are
identified as malware by Adaptive Scanning prior to running any
scanning engines.
identified as malware by Adaptive Scanning prior to running any
scanning engines.
Note
URL transactions are categorized as unscannable when the configured
maximum time setting is reached or when the system experiences a
transient error condition. For example, transactions might be
categorized as unscannable during scanning engine updates or
AsyncOS upgrades. The malware scanning verdicts SV_TIMEOUT
and SV_ERROR, are considered unscannable transactions.
maximum time setting is reached or when the system experiences a
transient error condition. For example, transactions might be
categorized as unscannable during scanning engine updates or
AsyncOS upgrades. The malware scanning verdicts SV_TIMEOUT
and SV_ERROR, are considered unscannable transactions.