Cisco Cisco Email Security Appliance C170 사용자 가이드

Advanced Malware Protection protects against zero-day and targeted file-based threats in email 
attachments by: 

Obtaining the reputation of known files. 

Analyzing behavior of certain files that are not yet known to the reputation service. 

Continuously evaluating emerging threats as new information becomes available, and notifying you 
about files that are determined to be threats after they have entered your network. 

These features are available only for  incoming messages. Files attached to outgoing messages are not 
evaluated. 

The reputation service is in the cloud. The file analysis service has options for either public- or 
private-cloud (on-premises). 

Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or 
clean, and the file may therefore be released to the recipient. If the threat verdict changes as new 
information becomes available, you will be alerted, and the file and its new verdict appear in the AMP 
Verdict Updates report. You can investigate the point-of-entry message as a starting point to remediating 
any impacts of the threat. 

Verdicts can also change from malicious to clean. 

When the appliance processes subsequent instances of the same file, the updated verdict is 
immediately applied. 

Information about the timing of verdict updates is included in the file-criteria document referenced in