Cisco Cisco Email Security Appliance C160 Betriebsanweisung
C H A P T E R
16-1
Cisco AsyncOS 8.5.5 for Email Security User Guide
16
File Reputation Filtering and File Analysis
•
•
•
•
•
Overview of File Reputation Filtering and File Analysis
Advanced Malware Protection uses cloud-based services to protect against zero-day and targeted
file-based threats in email attachments by:
file-based threats in email attachments by:
•
Obtaining each file’s reputation.
•
Analyzing behavior of certain files with unknown reputations.
•
Notifying you about files that are determined to be threats after they have entered your network
These features are available only for incoming messages. Files attached to outgoing messages are not
evaluated.
evaluated.
File Threat Verdict Updates
Because Advanced Malware Protection is focused on targeted and zero-day threats, threat verdicts can
change as new information emerges.
change as new information emerges.
A file may initially be evaluated as unknown or clean, and the file may therefore be released to the
recipient. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the
AMP Verdict Updates report. You can investigate the point-of-entry message as a starting point to
remediating any impacts of the threat.
recipient. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the
AMP Verdict Updates report. You can investigate the point-of-entry message as a starting point to
remediating any impacts of the threat.
Verdicts can also change from malicious to clean.
When the appliance processes subsequent instances of the same file, the updated verdict is immediately
applied.
applied.
Related Topics
•
•