What are the differences between the Content Filtering and Threat Protection tabs in the Web Security Service (WSS) portal?
Do I need to create policy in Threat Protection if I already have policy in Content Filtering?
The Content Filtering tab in WSS is for policy enforcement and allows or disallows access to content based on its category and other criteria. Rules based on who is able to access particular categories or perform specific actions should be placed here.
The Threat Protection tab determines whether content receives virus scanning. By default, all web content is scanned for viruses. If a particular URL encounters issues when scanned for threats, the Threat Protection tab lets you exempt trusted sources, destinations, and web apps from malware scanning. However, it is not common to exclude websites from virus scanning. Under that section, you are also able to configure policy based on risk scores if you have the 'Advanced Web Security with Risk Controls and Application Visibility' license.
You do not need to duplicate policy in both Content Filtering and Threat Protection. Any rules that are created to allow or disallow access to specific sites or categories should only be placed in Content Filtering while Threat Protection is used to address specific issues with malware scanning.