Cisco Cisco Web Security Appliance S360 Guía Del Usuario

Advanced Malware 
Protection 

Shows file-based threats that were identified by the file reputation service. 

To see the users who tried to access each SHA, and the filenames associated 
with that SHA-256, click a SHA-256 in the table. 

Clicking the link at the bottom of Malware Threat File Details report page 
displays all instances of the file in Web Tracking that were encountered 
within the maximum available time range, regardless of the time range 
selected for the report. 

For files with changed verdicts, see the AMP Verdict updates report. Those 
verdicts are not reflected in the Advanced Malware Protection report.

Notes:

If one of the extracted files from a compressed or an archive file is 
malicious, only SHA value of the compressed or archive file is included 
in the Advanced Malware Protection report.

Advanced Malware 
Protection File 
Analysis 

Displays the time and verdict (or interim verdict) for each file sent for 
analysis. 

Files that are whitelisted on the Cisco AMP Threat Grid appliance show as 
“clean.” For information about whitelisting, see the AMP Threat Grid online 
help. 

To view more than 1000 File Analysis results, export the data as a .csv file.

Drill down to view detailed analysis results, including the threat 
characteristics and score for each file. 

You can also view additional details about an SHA directly on the AMP 
Threat Grid appliance or cloud server that performed the analysis by 
searching for the SHA or by clicking the Cisco AMP Threat Grid link at the 
bottom of the file analysis details page. 

Notes:

If extracted files from a compressed or an archive file are sent for file 
analysis, only SHA values of these extracted files are included in the File 
Analysis report.