Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi

In order to obtain File Analysis report details, the appliance must be able to connect to the File Analysis 
server over port 443. See details in 

If your Cisco Content Security Management appliance does not have a direct connection to the internet, 
configure a proxy server for this traffic (See 

.) If you have 

already configured the appliance to use a proxy to obtain upgrades and service updates, the existing 
settings are used. 

If you use an HTTPS proxy, the proxy must not decrypt the traffic; use a pass-through mechanism for 
communications with the File Analysis server. The proxy server must trust the certificate from the Fire 
Analysis server, but need not provide its own certificate to the File Analysis server. 

For any additional requirements, see the Release Notes for your Security Management appliance release, 
available from 

Because filenames can easily be changed, the appliance generates an identifier for each file using a 
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all 
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances 
of the file have the same SHA-256 identifier. 

In most reports, files are listed by their SHA-256 value (in an abbreviated format). 

Advanced Malware 
Protection 

Shows file-based threats that were identified by the file reputation service. 

For files with changed verdicts, see the AMP Verdict updates report. Those 
verdicts are not reflected in the Advanced Malware Protection report.