How can I block websites with malicious reputation in UTM 9.3?

I've checked the web filtering logs and I've seen strange things: access to a website with reputation="malicious" category="Internet Services" is allowed. In the UTM web filter it is possible to block only websites with a reputation of Unverified, Trusted, Neutral and Suspicious. What about websites with Malicious reputation? How can I block websites with malicious reputation in UTM 9.3?



This thread was automatically locked due to age.
  • Have you checked the box "Block Spyware infections and communications" on each Web Filter and have enabled AV scanning on your Web policies?

    Uncategorised sites can be blocked or allowed in each Web policy.
    You can also block websites below x threshold, e.g. below neutral, in each Web policy.

    If you have individual sites you want to block, these can be added to the Websites tab under each policy or globally under Filtering options | Websites where you can override category and reputation.
  • When you select "Block websites with a reputation below a threshold of: Suspicious" that means you allow suspicious and block things that are worse (which is Malicious). It does not make sense to put Malicious in the drop down because "below threshold of malicious" does not exist. If you want to block both Suspicious and Malicious then choose "below unverified".
  • There's some confusion about "Malicious" as there also are two sub-categories: "Malicious downloads" and "Malicious sites" that I normally include in categories to be blocked by default when architecting a configuration. Check that you're doing the same.

    If you're blocking sites below "Suspicious" and you had a site with a Reputation of "Malicious" passed, please show us the corresponding line from the Web Filtering log file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks to everyone for helping to find the answer.
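
The threshold rule explained in the replies, combined with the log check the moderator asks for, as an added example that is not part of the original thread and is not Sophos code. The `reputation` and `category` fields are quoted in the question; the `action`, `srcip` and `url` field names, the relative order of Neutral and Unverified, and the sample lines themselves are assumptions constructed for illustration.

```python
import re

# Reputation levels from best to worst. The thread fixes
# Unverified > Suspicious > Malicious; placing Neutral above Unverified
# is an assumption of this example.
LEVELS = ["trusted", "neutral", "unverified", "suspicious", "malicious"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Matches key="value" pairs as quoted in the question.
KV = re.compile(r'(\w+)="([^"]*)"')


def is_blocked(reputation, threshold):
    """'Block below a threshold of X' allows X itself and blocks anything worse."""
    return RANK[reputation.lower()] > RANK[threshold.lower()]


def audit(lines, threshold):
    """Return parsed entries that were passed although the threshold should block them."""
    findings = []
    for line in lines:
        fields = dict(KV.findall(line))
        rep = fields.get("reputation", "").lower()
        if rep not in RANK:
            continue  # missing or unknown reputation: cannot judge this entry
        if fields.get("action") == "pass" and is_blocked(rep, threshold):
            findings.append(fields)
    return findings


# Constructed sample lines (not taken from a real UTM log; field names assumed).
SAMPLE_LOG = [
    'action="pass" srcip="10.0.0.5" url="http://a.example/" reputation="neutral" category="Search Engines"',
    'action="pass" srcip="10.0.0.7" url="http://b.example/x" reputation="malicious" category="Internet Services"',
    'action="block" srcip="10.0.0.7" url="http://c.example/" reputation="malicious" category="Internet Services"',
    'action="pass" srcip="10.0.0.9" url="http://d.example/" reputation="suspicious" category="Internet Services"',
    'action="pass" srcip="10.0.0.9" url="http://e.example/img.png" category="Internet Services"',
]

if __name__ == "__main__":
    for thr in ("suspicious", "unverified"):
        hits = audit(SAMPLE_LOG, thr)
        print(f"threshold={thr}: {len(hits)} passed request(s) that should be blocked")
        for f in hits:
            print("   ", f["srcip"], f["url"], f["reputation"])
```

A hit is the kind of log line the last reply asks to see: a request that was passed even though its reputation is below the configured threshold.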