Cisco Email Security Appliance C190 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 16: File Reputation Filtering and File Analysis
Information about File Analysis, including analysis results and whether or not a file was sent for analysis, is available only in the File Analysis report.

Additional information about an analyzed file may be available from the cloud. To view any available File Analysis information for a file, select Monitor > File Analysis and enter the SHA-256 to search for the file. If the File Analysis service has analyzed the file from any source, you can see the details. Results are displayed only for files that have been analyzed.

If the appliance processed subsequent instances of a file that was sent for analysis, those instances will appear in Message Tracking search results.

Taking Action When File Threat Verdicts Change 
Procedure 
Step 1: View the AMP Verdict Updates report.
Step 2: Click the relevant SHA-256 link to view message tracking data for all messages that contained that file that may have been delivered to end users.
Step 3: Using the tracking data, identify the users that may have been compromised, as well as information such as the file names involved in the breach and sender of the file.
Step 4: Check the File Analysis report to see if this SHA-256 was sent for analysis, to understand the threat behavior of the file in more detail.
Related Topics 
Troubleshooting File Reputation and Analysis 
Log Files 
In logs:
AMP and amp refer to the file reputation service or engine.
Retrospective refers to verdict updates.
VRT and sandboxing refer to the file analysis service.
File reputation filtering and analysis events are logged in AMP Engine logs and Mail logs.
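
The keyword mapping above can drive a first-pass triage of exported log lines before working through the verdict-change procedure. The following is an added example, not code from the Cisco guide: it tags each line by service using those keywords, collects the SHA-256 values that appear on verdict-update lines, and notes whether the same hash also appears on a file analysis line. The sample log lines are constructed for illustration and their layout is an assumption, not the appliance's actual log format; only the keywords come from the guide.

```python
import re
from collections import defaultdict

# Keyword-to-service mapping from the guide's "Log Files" notes.
# Checked in order, so a line naming both AMP and Retrospective is a verdict update.
CATEGORIES = [
    ("verdict_update", re.compile(r"\bretrospective\b", re.IGNORECASE)),
    ("file_analysis", re.compile(r"\bVRT\b|\bsandboxing\b", re.IGNORECASE)),
    ("file_reputation", re.compile(r"\bamp\b", re.IGNORECASE)),
]
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")  # exactly 64 hex characters

def classify(line):
    """Return the service a log line refers to, or None if unrelated."""
    for name, pattern in CATEGORIES:
        if pattern.search(line):
            return name
    return None

def report(lines):
    """List (sha256, seen_in_file_analysis) for every hash with a verdict update."""
    seen = defaultdict(set)   # sha256 -> categories it appeared under
    updated = []              # hashes with verdict updates, in first-seen order
    for line in lines:
        category = classify(line)
        if category is None:
            continue
        for digest in SHA256_RE.findall(line):
            digest = digest.lower()  # normalise case so hashes compare equal
            seen[digest].add(category)
            if category == "verdict_update" and digest not in updated:
                updated.append(digest)
    return [(d, "file_analysis" in seen[d]) for d in updated]

# Constructed sample input (placeholder hashes, assumed line layout).
HASH_A = "a" * 64
HASH_B = "b" * 64
SAMPLE = [
    f"Info: amp file reputation query, SHA256: {HASH_A}, verdict: clean",
    f"Info: File uploaded for sandboxing, SHA256: {HASH_A}",
    f"Info: Retrospective verdict received, SHA256: {HASH_A}, verdict: malicious",
    f"Info: AMP file reputation query, SHA256: {HASH_B}, verdict: clean",
    f"Info: Retrospective verdict received, SHA256: {HASH_B.upper()}, verdict: malicious",
    "Info: New SMTP ICID 5 interface Management",
]

if __name__ == "__main__":
    for digest, analyzed in report(SAMPLE):
        note = "also seen in file analysis lines" if analyzed else "no file analysis lines"
        print(f"{digest}  verdict changed; {note}")
```

Each hash it returns is a candidate for the SHA-256 search in Message Tracking and the File Analysis report described in the procedure above.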