Cisco Cisco Email Security Appliance C160 Mode D'Emploi

17-3

AsyncOS 9.0 for Cisco Web Security Appliances User Guide

Chapter 17 File Reputation Filtering and File Analysis

Overview of File Reputation Filtering and File Analysis

Figure 17-1

Advanced Malware Protection Workflow for Public-Cloud File Analysis Deployments

If the file is sent for analysis:

•

If the file is sent to the cloud for analysis: Files are sent over HTTPS.

•

Analysis normally takes minutes, but may take longer.

•

Information about every file that is sent to the cloud for analysis and has a verdict of "malicious" is
added to the reputation database. Information about files analyzed using an on premises Cisco AMP
Threat Grid appliance is not shared with the reputation service, but the result is cached locally.

For information about verdict updates, see

File Threat Verdict Updates, page 17-1

Which Files Are Evaluated and Analyzed?

The reputation service evaluates most file types. File type identification is determined by file content and
is not dependent on the filename extension.

Some files with unknown reputation can be analyzed for threat characteristics. When you configure the
file analysis feature, you choose which file types are analyzed. New types can be added dynamically;
you will receive an alert when the list of uploadable file types changes, and can select added file types
to upload.

The criteria for evaluating a file’s reputation and for sending files for analysis may change at any time.
Criteria are available only to registered Cisco customers. For information about which files are evaluated
and analyzed, see File Criteria for Advanced Malware Protection Services for Cisco Content Security
Products, available from

http://www.cisco.com/c/en/us/support/security/web-security-appliance/products-user-guide-list.html

In order to access this document, you must have a Cisco customer account with a support contract. To
register, visit

https://tools.cisco.com/RPF/register/register.do