11-29-2019 04:12 AM
Hi,
On a WSA with WSA Essentials Licensing (No AV Scanning) I am looking for clarification what happens with URL WBRS Scores between (-6 +6) with a default scan action when no AV/Anti-Malware Licences are enabled on the WSA.
Documentation states the Request is passed to the DVS engine for further malware scanning.
thanks
Ian
12-25-2019 06:36 AM
its all depends on your Access Policy you configured :
More FAQ can be found here :
12-29-2019 04:52 AM - edited 12-29-2019 04:56 AM
Hello iwearing,
The WBRS score means the following:
-10 to -5.9 Block
-6 to +6 Neutral
+6 to +10 Allow
The main idea of the access policies or decryption policies is to figure out an ALLOW or Block action.
If we hit the Web reputation engine and we haven't been able to assign an ALLOW or BLOCK action to the URL and WBRS score is between -6 to +6 which has a status of NEUTRAL and as you mentioned there is no other scanning, then the URL will be allowed and the ACL DECISION TAG in the access logs would be DEFAULT_CASE_12.
You can check the Reputation of any URL at "www.talosintelligence.com". It will show the reputation as POOR,NEUTRAL and GOOD. The exact WBRS score of a URL can be checked in the accesslogs provided your box is updated.
Hope this answers your question.
Regards
Shikha Grover
PS: Please don't forget to rate and select as validated answer if this answered your question
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide