Cisco Cisco Email Security Appliance C160 Guía Del Usuario
17-7
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 5
Accept the license agreement if presented.
Step 6
File Analysis is enabled by default. If you do not uncheck Enable File Analysis, the File Analysis
feature key will be activated after the next commit.
feature key will be activated after the next commit.
Step 7
In the File Analysis section, select the file types to send to the cloud for analysis.
Note
Cisco periodically checks for potentially malicious file types to prevent zero day threats. If new
threats are identified, details of such file types are sent to your appliance through updater
servers. Select the Other potentially malicious file types option to enable this functionality. If
you enable this functionality, your appliance will send such file types for analysis in addition to
the file types you have selected.
threats are identified, details of such file types are sent to your appliance through updater
servers. Select the Other potentially malicious file types option to enable this functionality. If
you enable this functionality, your appliance will send such file types for analysis in addition to
the file types you have selected.
Step 8
Adjust the following Advanced Settings for File Reputation as needed:
Note
Do not change any other settings in this section without guidance from Cisco support.
Step 9
If you will use the cloud service for file analysis:
a.
Select Advanced Settings for File Analysis.
b.
Choose the cloud server that is physically nearest to your Email Security appliances .
Newly available servers will be added to this list periodically using standard update processes.
Step 10
If you will use an on-premises Cisco AMP Threat Grid appliance for file analysis:
Configure Advanced Settings for File Analysis:
Option
Description
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.
instead of the default port, 32137.
This option also allows you to configure an upstream proxy
for communication with the file reputation service.
for communication with the file reputation service.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
Reputation Threshold
•
Use value from Cloud Service
•
Enter custom value
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.
Option
Description
File Analysis
Server URL
Server URL
Select Private cloud.