Руководство Пользователя для Cisco Cisco Email Security Appliance C190

16-11

Cisco AsyncOS 8.5.6 for Email User Guide

Chapter 16 File Reputation Filtering and File Analysis

Troubleshooting File Reputation and Analysis

•

AMP

and

amp

refer to the file reputation service or engine.

•

Retrospective

refers to verdict updates.

•

VRT

and

sandboxing

refer to the file analysis service.

File reputation filtering and analysis events are logged in AMP Engine logs and Mail logs.

In the log message "Response received for file reputation query" possible values for "upload action" are:

•

0: The file is known to the reputation service; do not send for analysis.

•

1: Send

•

2: The file is known to the reputation service; do not send for analysis.

Using Trace

Trace is not available for the file reputation filtering and analysis features. Instead, send a test message
from an account outside your organization.

Multiple Alerts About Failed File Reputation Queries

Problem

You receive multiple alerts about failures to query the file reputation service.

Solution

•

Ensure that you have met the requirements in

Requirements for Communication with File

Reputation and Analysis Services, page 16-4

•

Check for network issues that may prevent the appliance from communicating with the cloud
services.

•

Increase the Query Timeout value:

Select Security Services > File Reputation and Analysis. The Query Timeout value is in the
Advanced settings area.

File Upload for Analysis Fails Repeatedly

Problem

You receive an alert that uploading files for analysis has failed repeatedly.

Solution

•

Ensure that you have met the requirements in

Requirements for Communication with File

Reputation and Analysis Services, page 16-4

•

Check your network for issues.

•

If the problem persists, contact Cisco support.