Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1641
Views
0
Helpful
1
Replies

AMP file analysis pending vs file analysis monitor screen

dkorell
Level 1
Level 1

‎05-16-2016 03:11 PM

I turned on AMP today and in the mail policy I configured "Messages with File Analysis Pending" to add a custom header which I then notify myself in content filters if that header exists. I've received 15 notifications today which I then was expecting to match up in the File Analysis monitor screen, which has 10 entries, but none of them match up.

In the AMP logs for the e-mails that triggered the pending notification it has entries for "File reputation query initiating" and "Response received for file reputation query from Cloud". For the attachments in the File Analysis monitor screen they have additional entries for "File uploaded for analysis", "Sandbox status event received" and "File Analysis complete".

I have looked all over for the difference but there isn't much detailed information. Does anyone know the difference between AMP file analysis pending and what shows up in File Analysis?

Labels:
0 Helpful
1 Reply 1

Mathew Huynh
Cisco Employee
Cisco Employee

‎05-18-2016 05:48 PM

Hello Dkorell,

File Analysis would show the results after the sandbox event was received from the ThreatGrid server (timing of results will vary)

While pending File Analysis means it was uploaded to ThreatGrid and currently in sandboxed and investigated on the ThreatGrid servers.

Regards,

matthew

0 Helpful
Customers Also Viewed These Support Documents