How does Symantec Web Gateway determine the Blacklist action?
Last Updated September 14, 2011
You create a blacklist, and set the Type, Severity and Category as you want. Then, you may meet an issue that the action may not be performed as you want.
To determine the action, SWG will check the matching policy's configuration. In policy configuration, there are three settings will affect the blacklist action.
If the action are not the same, the final action will be determined by the order of above settings.
For example: If you set the Category to Minor spyware web site, Severity to Minor, and the Type to Block by URL. Then, when the user hit this blacklist, the action need to check the matched policy, and follow the order to determine the result. By default, the first action configure is Spyware Category, the second is Spyware Severity, and the third is Detection Type. This blacklist will hit the Category as "Minor Spyware Web Site", Severity as "Minor", Detection Type as "Malware URL".
Then the final action will follow the order of the policy.
When you add a Web site to the blacklist, it affects all policies.
If a URL access occurs that matches the blacklist entry, SWG checks for a matching policy for the computer.
The Spyware Severity and Spyware Category in the matching policy determine the action by order: First Match, First Apply.
You do not need the URL filtering license to block or monitor Web sites using the blacklist.
Imported Document ID: TECH168491
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe