cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
824
Views
5
Helpful
4
Replies

AMP file reputation HASH issue

may-ye
Level 1
Level 1

Will AMP File Analysis upload document attachments for inspection?

Because of the AMP File Reputation phase, only the HASH of the document are verified.But the hash value changes whenever the document content replaces only one characterIn this case, will the result of file reputation be unknown and the file file be uploaded?

1 Accepted Solution

Accepted Solutions

may-ye
Level 1
Level 1

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-5/user_guide/b_ESA_Admin_Guide_12_5/b_ESA_Admin_Guide_12_1_chapter_010001.html#con_1809504

View solution in original post

4 Replies 4

Before AMP uploads the file it does check to see if there is any code in the file... so a doc with macros would get uploaded but not docs with out code.

IIRC its the ClamAV engine that does this.

If I change the contents of.doc, will the hash value calculated by File Reputation change?

Yes.

may-ye
Level 1
Level 1

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-5/user_guide/b_ESA_Admin_Guide_12_5/b_ESA_Admin_Guide_12_1_chapter_010001.html#con_1809504

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: