
Alerts for Advanced Malware Protection (AMP) in Email Security Appliances C670

Pravar
Level 1

Hi


Looking into configuring the alerts for Advanced Malware Protection (AMP) in Email Security Appliances C670, especially for the verdict changes.

Appreciate any guidance.

2 Replies

Libin Varghese
Cisco Employee

Hi,

Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or clean, and the file may therefore be released to the recipient. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the AMP Verdict Updates report. You can investigate the point-of-entry message as a starting point to remediating any impacts of the threat.


Verdicts can also change from malicious to clean.

When the appliance processes subsequent instances of the same file, the updated verdict is immediately applied.

These are part of informational alerts, so you would need to ensure you are configured to receive such alerts under System Administration -> Alerts.

You can also keep track of verdict changes using the AMP Verdict Updates report.

Thanks
Libin Varghese