Cisco Cisco Email Security Appliance C160 Mode D'Emploi
17-3
Cisco AsyncOS 9.5 for Email User Guide
Chapter 17 File Reputation Filtering and File Analysis
Overview of File Reputation Filtering and File Analysis
Figure 17-1
Advanced Malware Protection Workflow for Public-Cloud File Analysis Deployments
If the file is sent for analysis:
•
If the file is sent to the cloud for analysis: Files are sent over HTTPS.
•
Analysis normally takes minutes, but may take longer.
•
Information about every file that is sent to the cloud for analysis and has a verdict of "malicious" is
added to the reputation database. Information about files analyzed using an on premises Cisco AMP
Threat Grid appliance is not shared with the reputation service.
added to the reputation database. Information about files analyzed using an on premises Cisco AMP
Threat Grid appliance is not shared with the reputation service.
For information about verdict updates, see
.
Which Files Are Evaluated and Analyzed?
The reputation service evaluates most file types. File type identification is determined by file content and
is not dependent on the filename extension.
is not dependent on the filename extension.
Some files with unknown reputation can be analyzed for threat characteristics. When you configure the
file analysis feature, you choose which file types are analyzed. New types can be added dynamically;
you will receive an alert when the list of uploadable file types changes, and can select added file types
to upload.
file analysis feature, you choose which file types are analyzed. New types can be added dynamically;
you will receive an alert when the list of uploadable file types changes, and can select added file types
to upload.
For complete information about which files are evaluated and analyzed, see the Release Notes for your
AsyncOS version, available from:
AsyncOS version, available from: