Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
5
Helpful
4
Replies

AMP file reputation HASH issue

Go to solution
may-ye
Level 1
Level 1

‎06-14-2022 07:05 PM

Will AMP File Analysis upload document attachments for inspection?

Because of the AMP File Reputation phase, only the HASH of the document are verified.But the hash value changes whenever the document content replaces only one characterIn this case, will the result of file reputation be unknown and the file file be uploaded?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
may-ye
Level 1
Level 1

‎06-16-2022 12:13 AM

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-5/user_guide/b_ESA_Admin_Guide_12_5/b_ESA_Admin_Guide_12_1_chapter_010001.html#con_1809504

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ken Stieers
VIP
VIP

‎06-14-2022 07:10 PM

Before AMP uploads the file it does check to see if there is any code in the file... so a doc with macros would get uploaded but not docs with out code.

IIRC its the ClamAV engine that does this.

Go to solution
may-ye
Level 1
Level 1
In response to Ken Stieers

‎06-14-2022 07:38 PM

If I change the contents of.doc, will the hash value calculated by File Reputation change?

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to may-ye

‎06-14-2022 07:59 PM

Yes.
0 Helpful

Go to solution
may-ye
Level 1
Level 1

‎06-16-2022 12:13 AM

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-5/user_guide/b_ESA_Admin_Guide_12_5/b_ESA_Admin_Guide_12_1_chapter_010001.html#con_1809504

0 Helpful
Customers Also Viewed These Support Documents