06-02-2017 12:33 AM
Hi everybody,
In the Anti-Malware Settings I have the choice between monitor and block traffic. Can somebody tell me what happens when I set the option to monitor? Is the traffic logged only? Or will the DVS inspect the packet and drop only if it's malicious?
Are the malware categories based on URL-categories? I do not understand the concept yet.
Thanks for your help.
Best regards
Johannes
06-11-2017 09:57 PM
Hi,
Malware categories are different from URL-categories.
If you look at the user guide below and go to page 248, it lists all the descriptions of the malware categories:
http://www.cisco.com/c/dam/en/us/td/docs/security/wsa/wsa9-0/wsa9-1/WSA_9-1-1_UserGuide.pdf
Regarding Monitor versus Block:
If the verdict from the scanning engines is malicious and it has been set to block, then the appliance will block it.
If the verdict from the scanning engines is malicious and the setting is set to Monitor, it will still deliver the content to the client, with the verdict logged in the appliance logs.
If one of the scanning engines inside DVS has been set to block while the rest are set to monitor, and it finds there is a malicious threat in the request, it will override it and block automatically.
You can get more details from the user guide as well, on page 235.
Regards
Handy Putra