Cisco Cisco Email Security Appliance C680 User Guide

Only the SHA that uniquely identifies a file is sent to the reputation service in the cloud. The file 
itself is not sent. 

If you are using the file analysis service in the cloud and a file qualifies for analysis, the file itself 
is sent to the cloud. 

Information about every file that is sent to the cloud for analysis and has a verdict of “malicious” is 
added to the reputation database. This information is used along with other data to determine a 
reputation score. 

Information about files analyzed by an on-premises Cisco AMP Threat Grid appliance is not shared 
with the reputation service. 

If you have configured your appliance to allow data to be sent to the Sender Base Reputation 
Service, information about certain files is sent. For details, see information about the AMP cloud in 

 

All Email Security appliances that use these services must be able to connect to them directly over 
the Internet (excluding file reputation and analysis services configured to use an on-premises 
appliance.) 

 By default, communication with file reputation and cloud-based analysis services is routed through 
the interface that is associated with the default gateway. To route this traffic through a different 
interface, create a static route for each address in the Advanced section of the Security Services > 
File Reputation and Analysis page. 

For information about required open firewall ports, see