Cisco Cisco Email Security Appliance C670 User Guide
17-15
Cisco AsyncOS 9.5 for Email User Guide
Chapter 17 File Reputation Filtering and File Analysis
Troubleshooting File Reputation and Analysis
Step 4
Check the File Analysis report to see if this SHA-256 was sent for analysis, to understand the threat
behavior of the file in more detail.
behavior of the file in more detail.
Related Topics
•
Troubleshooting File Reputation and Analysis
•
•
•
Log Files
In logs:
•
AMP
and
amp
refer to the file reputation service or engine.
•
Retrospective
refers to verdict updates.
•
VRT
and
sandboxing
refer to the file analysis service.
Information about Advanced Malware Protection including File Analysis is logged in AMP Engine
Logs..
Logs..
File reputation filtering and analysis events are logged in AMP Engine logs and Mail logs.
In the log message "Response received for file reputation query" possible values for "upload action" are:
•
0: The file is known to the reputation service; do not send for analysis.
•
1: Send
•
2: The file is known to the reputation service; do not send for analysis.
Using Trace
Trace is not available for the file reputation filtering and analysis features. Instead, send a test message
from an account outside your organization.
from an account outside your organization.
Several Alerts About Failure to Connect to File Reputation or File Analysis
Servers
Servers
Problem
You receive several alerts about failures to connect to the file reputation or analysis services in
the cloud. (A single alert may indicate only a transient issue.)
Solution