Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Cisco Ironport WSA - WBRS vs Adaptive Scanning

We are currently evaluating Ironport for our internet gateway. We are finding the product to be generally superb, but we've having a problem with getting false negatives results when we have Adaptive Scanning turned on. An example would be a recent phishing site of "click.emkt-uolhost.com". Using Adaptive Scanning this known bad site (with a WBRS of -3.9) was permitted (ie: a false negative result, as it is clearly a malicious host), however with Adaptive Scanning turned off, and WBRS turned on and set to block everything with a reputation below -3 it is now blocked.  The down side of this is that with WBRS set to -3 there are numerous common websites which are suddenly blocked as false positives (good sites which are failing the WBRS test); Bing images is currently such a site.

How do most of you handle it? Leave Adaptive Scanning turned on, and accept false negatives, or manually add the false positives to a "grey list" of sites which are actually ok but which are failing the WBRS test?


Cheers
Dave Stanley
IT Security Manager

Everyone's tags (1)
485
Views
0
Helpful
0
Replies
CreatePlease to create content