Cisco Cisco Email Security Appliance C160 Guía Del Usuario
C H A P T E R
17-1
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
17
File Reputation Filtering and File Analysis
•
•
•
•
•
Overview of File Reputation Filtering and File Analysis
Advanced Malware Protection protects against zero-day and targeted file-based threats in email
attachments by:
attachments by:
•
Obtaining the reputation of known files.
•
Analyzing behavior of certain files that are not yet known to the reputation service.
•
Continuously evaluating emerging threats as new information becomes available, and notifying you
about files that are determined to be threats after they have entered your network.
about files that are determined to be threats after they have entered your network.
These features are available only for incoming messages. Files attached to outgoing messages are not
evaluated.
evaluated.
The file reputation service and the file analysis service are available as either public-cloud or
private-cloud (on-premises) services.
private-cloud (on-premises) services.
•
The private-cloud file reputation service is provided by Cisco AMP Virtual Private Cloud appliance,
operating in either “proxy” or “air-gap” (on-premises) mode. See
operating in either “proxy” or “air-gap” (on-premises) mode. See
.
•
The private-cloud file analysis service is provided by an on-premises Cisco AMP Threat Grid
appliance. See
appliance. See
File Threat Verdict Updates
Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or
clean, and the file may therefore be released to the recipient. If the threat verdict changes as new information
becomes available, you will be alerted, and the file and its new verdict appear in the AMP Verdict Updates
report. You can investigate the point-of-entry message as a starting point to remediating any impacts of the
threat.
clean, and the file may therefore be released to the recipient. If the threat verdict changes as new information
becomes available, you will be alerted, and the file and its new verdict appear in the AMP Verdict Updates
report. You can investigate the point-of-entry message as a starting point to remediating any impacts of the
threat.