Cisco Cisco Web Security Appliance S170 Guía Del Usuario
C H A P T E R
16-1
Cisco AsyncOS 8.5 for Email User Guide
16
File Reputation Filtering and File Analysis
•
•
•
•
•
Overview of File Reputation Filtering and File Analysis
Advanced Malware Protection uses cloud-based services to protect against zero-day and targeted
file-based threats by:
file-based threats by:
•
Obtaining each file’s reputation.
•
Analyzing behavior of certain files with unknown reputations.
•
Notifying you about files that are determined to be threats after they have entered your network
These features are available only for file downloads. Uploaded files are not evaluated.
File Threat Verdict Updates
Because Advanced Malware Protection is focused on targeted and zero-day threats, threat verdicts can
change as new information emerges.
change as new information emerges.
A file may initially be evaluated as unknown or clean, and the user may thus be allowed to access the
file. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the AMP
Verdict Updates report. You can investigate the point-of-entry transaction as a starting point to
remediating any impacts of the threat.
file. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the AMP
Verdict Updates report. You can investigate the point-of-entry transaction as a starting point to
remediating any impacts of the threat.
Verdicts can also change from malicious to clean.
When the appliance processes subsequent instances of the same file, the updated verdict is immediately
applied.
applied.
Related Topics
•
•