After upgrading from 6.7.x to 7.3.x getting Malware Scanning upgrade health status as CRITICAL. Refer to the below snippet:

In the 7.3.x version we have two new policies content security policy and access security policy. Please refer to https://knowledge.broadcom.com/external/article/174669 and https://knowledge.broadcom.com/external/article/174668.

In order to resolve the "Malware Scanning upgrade status" as CRITICAL, please perform the below steps:

1. In the web VPM, click Add Layer.
2. Select Content Policy and click Add.
3. Select a Protection Level. For details on these levels, refer to KB174669: https://knowledge.broadcom.com/external/article/174669
4. Add configured ICAP services to the Prioritized ICAP Fail-Over List:
    a. Click Edit. A Content Analysis ICAP Services dialog opens.
    b. From the Available list, select a service and add it to the Selected - Ordered list. The Selected-Ordered list specifies the order in which external ICAP services are tried should any services be unhealthy. You can use the arrows or drag services to change their order in the list.

     c. Click Apply to save the list.

5. Under Select Connection Security, set the connection mode for the ICAP services:
    --Always Secure: Communication between the appliance and ICAP servers is SSL encrypted.
    --Secure For Encrypted: (Default) Traffic is sent over secure ICAP.
    --Always Plain: Communication between the appliance and ICAP servers is not SSL encrypted.

6. For the Default Scan Failure Option, specify what happens when scanning fails:
    --Fail Closed: (Default) Deny the transaction.
    --Fail Open: Allow the transaction.

7. Click Add. The Content Security Policy layer is added to the VPM.

8. Click Apply Policy to save changes.