Cisco Web Security Appliance S690 User Guide

Cisco AsyncOS 8.5 for Email User Guide
 
Chapter 16: File Reputation Filtering and File Analysis
Troubleshooting File Reputation and Analysis
Step 2  Click the relevant SHA-256 link to view web tracking data for all transactions involving that file that end users were allowed to access.
Step 3  Using the tracking data, identify the users that may have been compromised, as well as information such as the file names involved in the breach and the web site from which the file was downloaded.
Step 4  Check the File Analysis report to see if this SHA-256 was sent for analysis, to understand the threat behavior of the file in more detail.
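The triage in Steps 2 to 4, as an added example that is not part of the Cisco guide: it groups allowed transactions by SHA-256 and lists the users, file names and source sites involved. The CSV column names, the sample rows and the function name affected_by_hash are assumptions made for this example; they are not the appliance's export format.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed placeholder digests, not real file hashes.
HASH_A = "a1" * 32
HASH_B = "b2" * 32

# Constructed sample export. The column names are assumptions for this
# example, not the appliance's own tracking export format.
SAMPLE_CSV = f"""timestamp,user,action,url,filename,sha256
2015-03-02T09:14:07Z,alice,ALLOWED,http://files.example.test/tools/setup.exe,setup.exe,{HASH_A}
2015-03-02T09:20:31Z,bob,ALLOWED,http://mirror.example.test/get/installer.exe,installer.exe,{HASH_A.upper()}
2015-03-02T10:02:45Z,carol,BLOCKED,http://files.example.test/tools/setup.exe,setup.exe,{HASH_A}
2015-03-03T08:11:02Z,alice,ALLOWED,http://cdn.example.test/report.pdf,report.pdf,{HASH_B}
"""


def affected_by_hash(csv_text, changed_hashes):
    """Summarise allowed transactions for each SHA-256 whose verdict changed."""
    wanted = {h.strip().lower() for h in changed_hashes}
    report = defaultdict(lambda: {"users": set(), "filenames": set(),
                                  "sites": set(), "first_seen": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = row["sha256"].strip().lower()  # hex case varies between tools
        # Only files that end users were allowed to access count as exposure.
        if digest not in wanted or row["action"].strip().upper() != "ALLOWED":
            continue
        entry = report[digest]
        entry["users"].add(row["user"])
        entry["filenames"].add(row["filename"])  # one hash can have many names
        entry["sites"].add(urlsplit(row["url"]).hostname)
        ts = row["timestamp"]  # same-format ISO 8601 strings sort chronologically
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
    return dict(report)


if __name__ == "__main__":
    for digest, e in affected_by_hash(SAMPLE_CSV, [HASH_A]).items():
        print(digest[:12], sorted(e["users"]), sorted(e["filenames"]),
              sorted(e["sites"]), e["first_seen"])
```
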
Related Topics 
Troubleshooting File Reputation and Analysis 
Log Files
In logs:
AMP and amp refer to the file reputation service or engine.
Retrospective refers to verdict updates.
VRT and sandboxing refer to the file analysis service.
Advanced Malware Protection information is logged in Access Logs or in AMP Engine Logs. For more information, see the chapter on monitoring system activity through logs.
 
Multiple Alerts About Failed File Reputation Queries 
Problem: You receive multiple alerts about failures to query the file reputation service.
Solution:
Ensure that you have met the requirements in
Check for network issues that may prevent the appliance from communicating with the cloud services.
Increase the Query Timeout value: Select Security Services > Anti-Malware and Reputation. The Query Timeout value is in the Advanced settings area of the Advanced Malware Protection Services section.