Cisco Cisco Web Security Appliance S690 User Guide
C H A P T E R
13-1
AsyncOS 8.1 for Cisco Web Security User Guide
13
File Reputation Filtering and File Analysis
•
•
•
•
•
Overview of File Reputation Filtering and File Analysis
Advanced Malware Protection uses cloud-based services to protect against zero-day and targeted
file-based threats by:
file-based threats by:
•
Obtaining each file’s reputation.
•
Analyzing behavior of certain files with unknown reputations.
•
Notifying you about files that are determined to be threats after they have entered your network.
These features are available only for file downloads. Uploaded files are not evaluated.
File Threat Verdict Updates
Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or
clean, and the user may thus be allowed to access the file. If the threat verdict changes, you will be
alerted, and the file and its new verdict appear in the AMP Verdict Updates report. You can investigate
the point-of-entry transaction as a starting point to remediating any impacts of the threat.
clean, and the user may thus be allowed to access the file. If the threat verdict changes, you will be
alerted, and the file and its new verdict appear in the AMP Verdict Updates report. You can investigate
the point-of-entry transaction as a starting point to remediating any impacts of the threat.
Verdicts can also change from malicious to clean.
When the appliance processes subsequent instances of the same file, the updated verdict is immediately
applied.
applied.
Related Topics
•
•