Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
 
Chapter 17: File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking 
Identifying Files by SHA-256 Hash 
Because file names can easily be changed, the appliance generates an identifier for each file using a
Secure Hash Algorithm (SHA-256). If an appliance processes the same file under different names, all
instances are recognized by the same SHA-256 value. If multiple appliances process the same file, all
instances of the file have the same SHA-256 identifier.
In most reports, files are listed by their SHA-256 value (in an abbreviated format).
File Reputation and File Analysis Report Pages 
Report: Advanced Malware Protection

Description: Shows file-based threats that were identified by the file reputation service.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.

Notes:
- If one of the extracted files from a compressed or an archive file is
  malicious, only the SHA value of the compressed or archive file is included
  in the Advanced Malware Protection report.
- From AsyncOS 9.9.5 onwards, the Advanced Malware Protection report has
  been enhanced to display additional fields, graphs, and so on. The report
  displayed after the upgrade does not include the reporting data prior to
  the upgrade. To view the Advanced Malware Protection report prior to
  the upgrade, click on the hyperlink at the top of the page.
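
The sketch below is an added example, not taken from the Cisco guide and not the appliance's own implementation. It illustrates the SHA-256 identification described above together with the archive note: renamed copies of a file share one hash, while a file delivered inside an archive shows up under the archive's hash. The function names and sample attachments are constructed for illustration, and only a single-level ZIP is handled.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 of the content; the file name plays no part."""
    return hashlib.sha256(data).hexdigest()


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP (constructed sample attachment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def index_attachment(name: str, data: bytes) -> dict:
    """Record the attachment's own hash plus the hash of every archive member."""
    entry = {"name": name, "sha256": sha256_hex(data), "members": {}}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    entry["members"][sha256_hex(zf.read(info))] = info.filename
    return entry


def report_hashes_for(known_hash: str, index: list[dict]) -> set[str]:
    """Map a known file hash to the SHA-256 values a report would list:
    the file's own hash when sent directly, or the containing archive's hash."""
    return {e["sha256"] for e in index
            if e["sha256"] == known_hash or known_hash in e["members"]}


# Constructed sample data: harmless bytes standing in for a flagged file.
FLAGGED = b"constructed sample payload, not real malware"
ATTACHMENTS = [
    ("invoice.pdf", FLAGGED),
    ("scan_0042.pdf", FLAGGED),  # same bytes, different name
    ("docs.zip", build_zip({"readme.txt": b"hello", "invoice.pdf": FLAGGED})),
]
INDEX = [index_attachment(n, d) for n, d in ATTACHMENTS]

if __name__ == "__main__":
    for h in sorted(report_hashes_for(sha256_hex(FLAGGED), INDEX)):
        print(h)
```

When searching reports for a known file hash, also search for the hashes of any archives known to contain that file, since the member's own hash will not appear for those deliveries.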