Cisco Email Security Appliance C160 User Guide
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17
File Reputation Filtering and File Analysis
Overview of File Reputation Filtering and File Analysis
Advanced Malware Protection protects against zero-day and targeted file-based threats in email
attachments by:
• Obtaining each file’s reputation.
• Analyzing behavior of certain files that are not yet known to the reputation service.
• Notifying you about files that are determined to be threats after they have entered your network.
These features are available only for incoming messages. Files attached to outgoing messages are not
evaluated.
The reputation service is in the cloud. The file analysis service has options for either public- or
private-cloud (on-premises).
File Threat Verdict Updates
Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or
clean, and the file may therefore be released to the recipient. If the threat verdict changes, you will be
alerted, and the file and its new verdict appear in the AMP Verdict Updates report. You can investigate
the point-of-entry message as a starting point for remediating any impacts of the threat.
Verdicts can also change from malicious to clean.
When the appliance processes subsequent instances of the same file, the updated verdict is
immediately applied.