Cisco Email Security Appliance C170 User Guide

AsyncOS 9.0 for Cisco Web Security Appliances User Guide
 
Chapter 17  File Reputation Filtering and File Analysis
The SHA-256 of each attachment in the message, and 
The final Advanced Malware Protection verdict for the message as a whole, and 
Any attachments which were found to contain malware. 
No information is provided for clean or unscannable attachments. 
Verdict updates are available only in the AMP Verdict Updates report. The original message details in Message Tracking are not updated with verdict changes. To see messages that have a particular attachment, click a SHA-256 in the verdict updates report.
Information about File Analysis, including analysis results and whether or not a file was sent for analysis, is available only in the File Analysis report.
Additional information about an analyzed file may be available from the cloud or on-premises File Analysis server. To view any available File Analysis information for a file, select Monitor > File Analysis and enter the SHA-256 to search for the file. If the File Analysis service has analyzed the file from any source, you can see the details. Results are displayed only for files that have been analyzed.
If the appliance processed a subsequent instance of a file that was sent for analysis, those instances will appear in Message Tracking search results.
Taking Action When File Threat Verdicts Change 
Step 1  View the AMP Verdict Updates report.
Step 2  Click the relevant SHA-256 link to view message tracking data for all messages that contained that file that may have been delivered to end users.
Step 3  Using the tracking data, identify the users that may have been compromised, as well as information such as the file names involved in the breach and sender of the file.
Step 4  Check the File Analysis report to see if this SHA-256 was sent for analysis, to understand the threat behavior of the file in more detail.
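The four steps above, scripted as an added example (not part of the Cisco guide and not Cisco code): because Message Tracking keeps the original verdict, affected messages are found by joining on SHA-256, not by filtering on the verdict stored with the message. It assumes the three reports are available as CSV text; the column names, verdict strings, addresses, file names and SHA-256 values are constructed for illustration and are not the appliance's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample values; column names are assumptions, not an appliance export format.
SHA_BAD = "ab" * 32   # placeholder SHA-256 whose verdict later changed
SHA_OK = "cd" * 32    # placeholder SHA-256 with no verdict change

VERDICT_UPDATES = f"""sha256,old_verdict,new_verdict
{SHA_BAD},clean,malicious
"""

# Tracking rows keep the verdict recorded at delivery time, so SHA_BAD still reads "clean".
TRACKING = f"""sha256,sender,recipient,filename,verdict_at_delivery
{SHA_BAD},billing@vendor.example,alice@corp.example,invoice.pdf,clean
{SHA_BAD},billing@vendor.example,bob@corp.example,invoice_copy.pdf,clean
{SHA_OK},hr@corp.example,carol@corp.example,policy.docx,clean
"""

FILE_ANALYSIS = f"""sha256,sent_for_analysis
{SHA_BAD},yes
"""


def rows(text):
    """Parse CSV text into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(updates_csv, tracking_csv, analysis_csv):
    """Join verdict updates to tracking rows by SHA-256 and summarise exposure."""
    analysed = {r["sha256"].lower() for r in rows(analysis_csv)
                if r["sent_for_analysis"] == "yes"}
    by_hash = defaultdict(list)
    for r in rows(tracking_csv):
        by_hash[r["sha256"].lower()].append(r)

    report = {}
    for u in rows(updates_csv):                      # Step 1: verdict updates
        if u["new_verdict"] != "malicious":
            continue
        sha = u["sha256"].lower()
        hits = by_hash.get(sha, [])                  # Step 2: messages with that file
        report[sha] = {                              # Step 3: who, which names, from whom
            "recipients": sorted({h["recipient"] for h in hits}),
            "senders": sorted({h["sender"] for h in hits}),
            "filenames": sorted({h["filename"] for h in hits}),
            "sent_for_analysis": sha in analysed,    # Step 4: File Analysis lookup
        }
    return report
```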
Related Topics 
Troubleshooting File Reputation and Analysis