Website content filtering / Virus detection device
Hi all
I'm in the market for a content / url / device for our network of virus scanning. We currently use the Web MXLogic defence service, and while it is very cheap it is not suited to our needs. What I want is a device that will do filtering of content, but also viruses / malware / spyware scan on web traffic. I would also need to be able to setup policies / groups different set of users. For example the people who buy the products we sell must be able to see our content of multimedia (streaming) video sellers so that our sales people don't. I can't currently do with MXLogic, it's all or nothing.
Our firewall is an ASA5510 and I looked at the module Content Security SSM-10 with the greater license and while the price is really attractive I have a few questions about it. It integrates with MS Active Directory? In other words, and it filters based on policies and groups or more IP / ACL based? Also does perform well?
I have looked also sell IronPort product cisco and have similar questions about it especially which people experience with it, it's something that you would recommend?
Hi Allen,.
To answer your questions related to the CSC module:
1. No, the CSC module does not fit with Active Directory. It's something that Trend Micro has in the works, but right now, there is no ETA for this feature.
2. the module CSC happen enough well if used in the environment it was designed for. I recommend watching CSC sizing guide to see if the CSC-SSM-10 would be something that is scalable enough for your network:
I can't speak to the performance/features of IronPort like I the have not used personally, but I've heard good things. Also, external devices of Websense seem to be a popular choice when you need a product that is a little more scalable or granular than can provide the CSC module.
Hope that helps.
-Mike
Tags: Cisco Security
Similar Questions
-
Suspected false positive Virus detection
Recently I install Avira Antivirus and run a few scans in my Compaq Presario and a virus known as APPL/ACLSet is still found in the following location:
Hewlett-Packard HP TCS\SetACL.exe C:\Program
[DETECTION] Contains the recognition of the application APPL/ACLSet model
Since it is in the HP program file I suspect it is a file that is used by HP for some purposes as update or others. So I just ignore it.
October 3, 2009, I run a scan again and this time there are more new detections in addition to the former as below:
Hewlett-Packard HP TCS\SetACL.exe C:\Program
[DETECTION] Contains the recognition of the application APPL/ACLSet model
C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe
[DETECTION] Is the horse of Trojan TR/tr/dropper.Gen
BEGIN scan in "D:\". »
D:\hp\Drv\APP01300\src\KbdStub.exe
[DETECTION] Is the horse of Trojan TR/tr/dropper.Gen
End of the scan: Saturday, October 3, 2009 10:26
Time: 01:00:06 am
While they inspected with Avira website, it is that TR | TR/dropper.Gen is a new virus detected only on October 1, 2009 and it seems to be the superior and most recent threat.
Even once since it was associated with the HP program I just ignore it for now.
Can someone give me a confirmation of 100% if these detection was just false positive or are they really malicious virus/malware? If I just ignore them or get rid of them? If I get rid of them and they turn out to be legitimate programs from HP, this will affect my PC in anyway?
Thank you much in advance.
Message edited by Adscense on 02/10/2009 20:58Message edited by Adscense on 02/10/2009 20:59Hello hpfannr1, I checked with the HP Total care email support and they confirmed that they are in fact viruses. The Council was to delete.
-
Hi all
Cisco ios content filtering there a cache and a user interface to connect the websites visited and the ip addresses that visit these sites?
Yes, there is action, you can configure under the plan setting.
You can also view using the below command
IOSrouter# sh policy-map type inspect zone-pair urlfilter cache detail
policy exists on zp zp
Zone-pair: zp
Service-policy inspect : trend-global-policy
Class-map: www (match-all)
Match: protocol http
Inspect
Maximum number of bytes in cache: 262144
Time to live for each cache entry (in hrs): 24
Total number of bytes used by cache: 453
Number of bytes used by domain type cache: 353
Number of bytes used by directory type cache: 100
---------------------------------------------------------------------------------------------
URL Age Idle time/ Cat::Rep
(Directory cache end with /) (day:h:m:s) access #
-----------------------------------------------------------------------------------------------
yahoo.com 0:16:47:30 2 56::1
ad.doubleclick.net 0:00:00:10 1 72::1
static.eharmony.com/static../ 0:00:00:06 0:00:00:04 12::1
Unfortunately, you can not see who has accessed to their.
I hope it helps.
PK
-
I have a Samsung Galaxy SII with T-Mobile. Model SGH-T989, version 2.3.6 Android #is
"Content filtering" is the Android Market to limit some applications that can be accessed in "mature" content. You can disable content filtering in the settings of the application market on your phone.
-Michelle
-
I can't stop the pop-up and adware ads in Safari. When I opened a new take, it is locked until I click a place twice, then two new tabs with advertising and virus detected by safari emerge
I tried following the instructions on the support page, in Apple, but it did not work.
Force to leave Safari, then with the SHIFT key, restart Safari.
Also use EtreCheck of www.etrecheck.com and see what else is running.
-
Original title: IPOD
When I plug my IPOD to the computer, there is no indication of a detected device or in ITunes there is no "peripheral" in the sidebar.
Any ideas?Hello
1. were you able to use the IPod even without any problem before?
2 have you made changes on the computer before this problem?
3 have you tried plugging it into different USB ports and check?
4. are you able to use other USB devices on the computer?
5. have you try to use the IPod even on check and another computer?
6. what operating system do you use?Answering these questions could help us help you better.
Run the following article fixit tool and check.
Hardware devices do not work or are not detected in Windows
http://support.Microsoft.com/mats/hardware_device_problems/ -
Customize the Web content filtering block Page
Does anyone how and where I can customize the block page on a SonicWall NSA 240 of web content filtering? Also, I can't using the details I thought I configured, what do you advise for this problem also?
Kind regards
RocknRollTim
You can customize the block page CFS in respect of Security Services > Content Filter > scroll down to bottom & customize it under 'block the Web page to display when '.
-
Doesn´t 'filter' https content filtering
I RV082 is running the latest firmware if I try to activate web filerfing under "Content filtering" by web address or keyword ony he works for HTTP sites. Lets say, I try to block www.facebook.com I get ""this URL or the Page has been blocked " "
If I type https://www.facebook.com facebook without problem. It looks that the HTTP protocol is checked and blocked.
Also if I try to 'Planning' and apply rule from 08:00 to 13:00 it allows me to access it. Am I missing something?
Hi Mario, HTTPS can not really be blocked unless the router is able to perform a reverse DNS lookup. If you want to block https flavors of a Web site you need a service that can perform the DNS inverted like OpenDNS.
-Tom
Please mark replied messages useful -
When I try to download from Microsoft I get a virus detected error erased file
Original title: carnt download anything
When I try to download from Microsoft I get a virus detected error erased file
When I try to download from Microsoft I get a virus detected error erased file
Probably because your computer is infected with a rootkit. See if these steps in removing viruses, marked as the answer, apply to you:
-
expiry of ios content filtering
Hello
now that the IOS using Trend Micro content filtering is EOL and replaced by ScanSafe, can someone tell if ScanSafe is a subscription based and what are the new SKUS of ScanSafe references
Thank you
Yes, Scansafe is on subscription and license of user base.
in regard to SKU, you might want to contact your representative local Cisco.
-
Content filtering IOS / user / HTTPS
Hello!
We are looking for a small client to IOS content filtering and I hope someone can answer a few questions about this quickly.
(1) can you make content by user, strategies... so different filtering for different users by username? I see that you can do by addy/range of IP, it seems
(2) can make HTTPS inspection? It wasn't able to earlier, just to check to see if something has changed!
Thank you!
Ben
(1) No, IOS content with trend filtering cannot do by user content filtering.
(2) it cannot inspect HTTPS too.
If you want to have both the above, you can go with cloud of ScanSafe, URL filtering and Malware/Spyware Windows. It is supported as well by the user content filtering as well as HTTPS inspection.
Here is the guide of IOS on Web Filtering of ScanSafe for your reference:
http://www.Cisco.com/en/us/docs/iOS-XML/iOS/sec_data_zbf/configuration/15-2mt/ScanSafe-Web-sec.html
http://www.Cisco.com/en/us/docs/security/web_security/ISR_SS/ISR_ScanSafe_SolutionGuide.PDF
Hope that answers your questions.
-
Issue of certificate IOS content filtering
Hello
Regarding the configuration of the Cisco IOS content filtering, the certificate that must be downloaded from this page (applicationshttp://cisco.com/en/US/products/ps5854/products_configuration_example09186a0080816c23.shtml the router IP address... What happens if it's not a static public ip address and a dynamic?
Ill be grateful with any input on this...
Thank you and best regards,
The cert install page auto request ip address in order to go to the router and the provision by installing cert on this.
If the router must have http enabled from this page will give you the ip address and the tool will ask you the credentials of the router and connect and install the necessary certificate.
If the ip address is dynamic bit is important because you will need to install the cert only once.
I hope it helps.
PK
-
Issue with 890 series SRI URL content filtering
Hello, I'm wondering if anyone can confirm whether or not the URL content filtering subscription available for these routerts has the abiliuty to selectively apply only to users you want. Or rather, to computers, perhaps by MAC address. We seek to implement a configuration of whitelist of URLS, but only for the publick workstations.
Thank you.
It's been a while but I think that content filtering is done through the MQC (style class-map/policy-map). You could just create a class map for guests you care and then put them through the policy of inspecting it.
-
images of the SSL vpn-html-content filtering
Hello
I'm trying to do content filtering via ssl VPN (clientless) on ASA 5505
Above command is supposed to block anything with the html img tag, but it seems not to do.
# sh run Group Policy
Group without internal customer-grp-policy policy
attributes without customer-grp-policy-group policy
value of server DNS 8.8.8.8
VPN-tunnel-Protocol webvpn
Split-tunnel-policy tunnelall
WebVPN
bookmark URL-list value
filtering the content-HTML-java images cookies
SVC request to enable default webvpn
#sh run tunnel-group
Remote clientless-tunnel tunnel-group type
attributes global-tunnel-group clientless-tunnel
without client group policy - by default-grp-policy
tunnel-group clientless-tunnel webvpn-attributes
Group-alias clientless-alias enable
What I'm missing here? or am I just misunderstood how it works?
Thank you!
Hello
How it works for you?
Thank you.
Portu.
-
There are two days, I have mistakenly connection adobe, including cloud and detection viruses that I don't need. I want to cancel my order. Can you help me in this matter:
[personal information by moderator - please do not share private information in a public forum, for users. If you want assistance, contact customer support]
I would like to cancel or return my order ADOO6329126. Can you confirm the cancellation? Peter Stein, deleted email
Van: Sarojini.Nagar
Verzonden: maandag 4 April 2016 19:11
Aan: Peter Stein
Onderwerp: Two days ago, I acquired a connection adobe, including clouds and virus detection. I made this order by mistake and would ike that he cancelled.
Two days ago, I acquired a connection adobe, including clouds and virus detection. I made this order by mistake and would ike that he cancelled.
created by https://forums.adobe.com/people/Sarojini.Nagar> Sarojini.Nagar for download, installation, commissioning - https://forums.adobe.com/message/8654018#8654018> view complete discussion
Maybe you are looking for
-
I want to see my e-mail with the basic settings, but it will return to their value by default whenever I connect. I have my set Firefox to remember the story and save cookies.
-
Help me choose the HP Pavilion Desktop PC
Hello! Please help me choose the HP Pavilion Desktop Pc which has 3 features- 1 150 - 200W power consumption. 2. easily extensible. 3. must have Windows 7 Upgrade offer with it. I'm of the India, I chose only the PC models to choose among them. Kind
-
Satellite Pro P300 - screen remains blank after power on
My Toshiba Satellite Pro P300 power on, the screen remains blank. Can someone please help?
-
HP 15-R006TU: computer HP laptop 15-R006TU left half of the screen has turned white
I turned my HP 15-R006TU laptop to Hibernate mode before going to sleep last night. Today morning when I turned it on half of the screen was white with a few lines inside. All software and operating system works very well. Its like it has a white cov
-
Computer ThinClient T510, T610 Citrix Receiver branding
Nice day Does anyone know where the file that manages the configuration of the appearance of the Citrix Receiver on the Smart zero Core OS screen? I was able to change the background, add my logo and other things but I would like to change the backgr