Cisco Web Security Appliance S190 User Guide
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Overview of File Reputation Filtering and File Analysis
Figure 14-1 Advanced Malware Protection Workflow for Cloud File Analysis Deployments
If the file is sent for analysis:
• If the file is sent to the cloud for analysis: Files are sent over HTTPS.
• Analysis normally takes minutes, but may take longer.
• Information about every file that is sent to the cloud for analysis and has a verdict of "malicious" is
added to the reputation database. Information about files analyzed using an on premises Cisco AMP
Threat Grid appliance is not shared with the reputation service, but the result is cached locally.
For information about verdict updates, see
.
Which Files Are Evaluated and Analyzed?
The reputation service evaluates most file types. File type identification is determined by file content and
is not dependent on the filename extension.
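The following added example (not Cisco's implementation and not part of this guide) shows why content-based identification matters: it identifies a file from its leading bytes and flags a disagreement with the filename extension. The signature subset, the extension mapping and the sample data are assumptions constructed for illustration.

```python
import os

# Well-known leading signatures ("magic bytes"). Illustrative subset only,
# not the list of types the reputation service recognizes.
SIGNATURES = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-document"),  # legacy .doc/.xls/.msi
    (b"PK\x03\x04", "zip-container"),                        # also .docx/.xlsx/.jar
]

# Extensions normally seen for each content type (assumed mapping).
EXPECTED_EXTENSIONS = {
    "pe-executable": {".exe", ".dll", ".sys", ".scr"},
    "elf-executable": {"", ".so", ".elf"},
    "pdf": {".pdf"},
    "ole2-document": {".doc", ".xls", ".ppt", ".msi"},
    "zip-container": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
}


def identify_by_content(data: bytes) -> str:
    """Return a type label based only on the file's leading bytes."""
    for magic, ftype in SIGNATURES:
        if data.startswith(magic):
            return ftype
    return "unknown"


def classify(filename: str, data: bytes) -> dict:
    """Identify by content, then report whether the extension disagrees."""
    ftype = identify_by_content(data)
    ext = os.path.splitext(filename)[1].lower()
    mismatch = ftype != "unknown" and ext not in EXPECTED_EXTENSIONS[ftype]
    return {"name": filename, "type": ftype, "extension": ext, "mismatch": mismatch}


if __name__ == "__main__":
    # Constructed sample downloads: (filename, first bytes of the body).
    samples = [
        ("report.pdf", b"%PDF-1.7\n"),
        ("invoice.pdf", b"MZ\x90\x00\x03\x00"),   # executable content, .pdf name
        ("notes.txt", b"plain text"),
    ]
    for name, body in samples:
        print(classify(name, body))
```

A policy that keyed on the extension alone would treat the second sample as a PDF; keying on content treats it as an executable regardless of its name.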
Some files with unknown reputation can be analyzed for threat characteristics. When you configure the
file analysis feature, you choose which file types are analyzed. New types can be added dynamically;
you will receive an alert when the list of uploadable file types changes, and can select added file types
to upload.
The criteria for evaluating a file’s reputation and for sending files for analysis may change at any time.
Criteria are available only to registered Cisco customers. For information about which files are evaluated
and analyzed, see File Criteria for Advanced Malware Protection Services for Cisco Content Security
Products, available from
.
In order to access this document, you must have a Cisco customer account with a support contract. To
register, visit
Your setting for DVS Engine Object Scanning Limits on the Security Services > Anti-Malware and
Reputation page also determines the maximum file size for file reputation and analysis.
Configure policies to block download of files that are not addressed by Advanced Malware Protection.