Cisco Cisco Email Security Appliance C650 Guía Del Usuario
17-5
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Privacy of Information Sent to the Cloud
•
Only the SHA that uniquely identifies a file is sent to the reputation service in the cloud. The file
itself is not sent.
itself is not sent.
•
If you are using the file analysis service in the cloud and a file qualifies for analysis, the file itself
is sent to the cloud.
is sent to the cloud.
•
Information about every file that is sent to the cloud for analysis and has a verdict of “malicious” is
added to the reputation database. This information is used along with other data to determine a
reputation score.
added to the reputation database. This information is used along with other data to determine a
reputation score.
Information about files analyzed by an on-premises Cisco AMP Threat Grid appliance is not shared
with the reputation service.
with the reputation service.
•
If you have configured your appliance to allow data to be sent to the Sender Base Reputation
Service, information about certain files is sent. For details, see information about the AMP cloud in
Service, information about certain files is sent. For details, see information about the AMP cloud in
Configuring File Reputation and Analysis Features
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Requirements for Communication with File Reputation and Analysis Services
•
All Email Security appliances that use these services must be able to connect to them directly over
the Internet (excluding file reputation and analysis services configured to use an on-premises
appliance.)
the Internet (excluding file reputation and analysis services configured to use an on-premises
appliance.)
•
By default, communication with file reputation and cloud-based analysis services is routed through
the interface that is associated with the default gateway. To route this traffic through a different
interface, create a static route for each address in the Advanced section of the Security Services >
File Reputation and Analysis page.
the interface that is associated with the default gateway. To route this traffic through a different
interface, create a static route for each address in the Advanced section of the Security Services >
File Reputation and Analysis page.
•
For information about required open firewall ports, see