Cisco Email Security Appliance C670 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
Overview of File Reputation Filtering and File Analysis
• For deployments with on-premises file analysis, the reputation evaluation and file analysis occur simultaneously. If the reputation service returns a verdict, that verdict is used, as the reputation service includes inputs from a wider range of sources. If the file is unknown to the reputation service, the file analysis verdict is used.
• If file reputation or file analysis verdict information is unavailable because the connection with the service timed out, the file is considered clean and is released to the end user. If the verdict is unscannable for any other reason, the appliance applies the action that you have specified for unscannable attachments in the applicable mail policy.
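The verdict rules in the two bullets above, modelled as an added example (not Cisco code or appliance output) so the fail-open timeout path can be counted. The state names, record layout, the `quarantine` policy action and the choice to check a reputation timeout before consulting file analysis are assumptions.

```python
# Added illustration: models the verdict rules described above for an
# on-premises file analysis deployment. State names, the record layout and
# the sample data are constructed for this example, not appliance output.
from collections import Counter

MALICIOUS, CLEAN, UNKNOWN = "malicious", "clean", "unknown"
TIMEOUT, UNSCANNABLE = "timeout", "unscannable"


def resolve(reputation, analysis, policy_action="quarantine"):
    """Return (disposition, reason) for one attachment.

    policy_action stands in for the action configured for unscannable
    attachments in the mail policy (hypothetical value).
    """
    # A reputation verdict wins because it draws on a wider range of sources.
    if reputation in (MALICIOUS, CLEAN):
        return reputation, "reputation-verdict"
    # Fail-open: a timed-out service means the file is treated as clean.
    if reputation == TIMEOUT:
        return CLEAN, "fail-open-timeout"
    if reputation == UNSCANNABLE:
        return policy_action, "unscannable-policy"
    # Reputation is unknown: fall back to the file analysis result.
    if analysis in (MALICIOUS, CLEAN):
        return analysis, "analysis-verdict"
    if analysis == TIMEOUT:
        return CLEAN, "fail-open-timeout"
    return policy_action, "unscannable-policy"


def audit(records, policy_action="quarantine"):
    """Count how each final disposition was reached across many files."""
    return Counter(resolve(r["reputation"], r["analysis"], policy_action)[1]
                   for r in records)


# Constructed sample records.
SAMPLE = [
    {"file": "a.doc", "reputation": MALICIOUS, "analysis": CLEAN},
    {"file": "b.pdf", "reputation": UNKNOWN, "analysis": MALICIOUS},
    {"file": "c.exe", "reputation": TIMEOUT, "analysis": TIMEOUT},
    {"file": "d.zip", "reputation": UNKNOWN, "analysis": UNSCANNABLE},
    {"file": "e.xls", "reputation": UNKNOWN, "analysis": TIMEOUT},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["file"], *resolve(rec["reputation"], rec["analysis"]))
    print(dict(audit(SAMPLE)))
```

A rising `fail-open-timeout` count is the figure to watch, since those files reached users without any verdict.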
Figure 17-1: Advanced Malware Protection Workflow for Public-cloud File Analysis Deployments
If the file is sent for analysis:
• Files sent to the cloud for analysis are sent over HTTPS.
• Analysis normally takes minutes, but may take longer.
• A file that is flagged as malicious after file analysis may not be identified as malicious by the reputation service. File reputation is determined by a variety of factors over time, not necessarily by a single file-analysis verdict.
• Results for files analyzed using an on-premises Cisco AMP Threat Grid appliance are cached locally.
For information about verdict updates, see
.
Supported Files for File Reputation and Analysis Services
The reputation service evaluates most file types. File type is identified from the file content, not from the filename extension.