Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680
421422423424425426427428429430
16-14
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 16 File Reputation Filtering and File Analysis
Troubleshooting File Reputation and Analysis
Using Trace, page 16-14
Several Alerts About Failure to Connect to File Reputation or File Analysis Servers, page 16-14
Many Files Have Verdict "Unscannable", page 16-15
Log Files
In logs:
AMP and amp refer to the file reputation service or engine.
Retrospective refers to verdict updates.
VRT and sandboxing refer to the file analysis service.
Information about Advanced Malware Protection including File Analysis is logged in AMP Engine
Logs..
File reputation filtering and analysis events are logged in AMP Engine logs and Mail logs.
In the log message "Response received for file reputation query" possible values for "upload action" are:
0: The file is known to the reputation service; do not send for analysis.
1: Send
2: The file is known to the reputation service; do not send for analysis.
Using Trace
Trace is not available for the file reputation filtering and analysis features. Instead, send a test message
from an account outside your organization.
Several Alerts About Failure to Connect to File Reputation or File Analysis
Servers
Problem You receive several alerts about failures to connect to the file reputation or analysis services in
the cloud. (A single alert may indicate only a transient issue.)
Solution
Ensure that you have met the requirements in Requirements for Communication with File
Reputation and Analysis Services, page 16-5.
Check for network issues that may prevent the appliance from communicating with the cloud
services.
Increase the Query Timeout value:
Select Security Services > File Reputation and Analysis. The Query Timeout value is in the
Advanced settings area.