Actually the latest CX code does do Malware prevention. You could also purchase the Malware Prevention license on the regular ASA (non-CX). There are no Cisco products that do anti-virus though. Honestly an edge device should not be used for anti-virus. A/V should be directly on your hosts.
I don't have an official link. I upgraded to the latest CX this week and one of the new features is a malware engine. If you like I can give you a screenshot.
Lakshman- The main difference between CX and WSA is that the CX can dig deeper into a packet and see what it's doing (Facebook games, Facebook posting, Facebook videos). The CX can also inspect traffic on non-standard web ports, where as (AFAIK) WSA can only look at TCP 80 and 443.
Malware protection in the Next Generation Firewall (NGFW = how Cisco is now banding the CX) is under the auspices of Web Reputation Filtering. See this section of the 9.2 user guide.
I would sort of agree with Colin in that edge-only AV protection is not very useful. A more holistic approach like what Sourcefire does with FireAMP on clients plus the firewall-side piece of that solution is actually a pretty nice approach. We can hope to see more of that technology in the Cisco-branded products going forward now that the Sourcefire acquisition has closed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :