Alerts for Advanced Malware Protection (AMP) in Email Security Appliances C670

Pravar · ‎02-06-2017

Hi

Looking into configure the alerts for Advanced Malware Protection (AMP) in Email Security Appliances C670 especially for the verdict changes.

Appreciate any guidance.

Libin Varghese · ‎02-06-2017

Hi,

Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or clean, and the file may therefore be released to the recipient. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the AMP Verdict Updates report. You can investigate the point-of-entry message as a starting point to remediating any impacts of the threat.

Verdicts can also change from malicious to clean.

When the appliance processes subsequent instances of the same file, the updated verdict is immediately applied.

These are part of informational alerts so you would need to ensure you are configured to receive such alerts under System Administration -> Alerts.

You can also keep track of verdict changes using the AMP Verdict Updates report.

Thanks
Libin Varghese

syeda3 · ‎02-06-2017

Please see the below url which has various links for C670 information.

http://www.cisco.com/c/en/us/support/security/email-security-appliance-c670/model.html

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118511-technote-esa-00.html#anc2

Hope to help.