Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
17-17
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking
File Reputation and File Analysis Reporting and Tracking
•
•
•
•
Identifying Files by SHA-256 Hash
Because file names can easily be changed, the appliance generates an identifier for each file using a
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances
of the file have the same SHA-256 identifier.
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances
of the file have the same SHA-256 identifier.
In most reports, files are listed by their SHA-256 value (in an abbreviated format).
File Reputation and File Analysis Report Pages
Report Description
Advanced Malware
Protection
Protection
Shows file-based threats that were identified by the file reputation service.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.
verdicts are not reflected in the Advanced Malware Protection report.
Notes:
•
If one of the extracted files from a compressed or an archive file is
malicious, only SHA value of the compressed or archive file is included
in the Advanced Malware Protection report.
malicious, only SHA value of the compressed or archive file is included
in the Advanced Malware Protection report.
•
From AsyncOS 9.9.5 onwards, Advanced Malware Protection report has
been enhanced to display additional fields, graphs, and so on. The report
displayed after the upgrade does not include the reporting data prior to
the upgrade. To view the Advanced Malware Protection report prior to
the upgrade, click on the hyperlink at the top of the page.
been enhanced to display additional fields, graphs, and so on. The report
displayed after the upgrade does not include the reporting data prior to
the upgrade. To view the Advanced Malware Protection report prior to
the upgrade, click on the hyperlink at the top of the page.