Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
0
Helpful
2
Replies

Blocked malware using amp notification

sv7
Level 3
Level 3

‎06-13-2023 12:45 AM

HI All,

Need to enable notification to sender when anything like (attachment, link) gets blocked by Amp service. Below is the task i have to performed.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118796-technote-esa-00.html#anc2

 

Labels:
0 Helpful
2 Replies 2

sv7
Level 3
Level 3

‎06-14-2023 10:41 PM

any help please

0 Helpful

UdupiKrishna
Cisco Employee
Cisco Employee

‎07-02-2023 07:17 PM

This can be done, but comes with a bit of tricky configuration (has to be deployed with some discretion) 

AMP's primary responsibility is to scan attachments and detect possible malware inside them. Now most customers choose to set the action as drop when the attachment is flagged as "malware". Since this is a "final action", the email doesn't go through any additional scanning.

You can choose to change this option to "deliver as is" , configure the AMP policy to add a custom header.

UdupiKrishna_1-1688350638053.png

 

Then use that header as a condition in a content filter, configure 2 actions.

1st action - Notify "sender", (use notification templates if needed)

2nd action - Drop, so that the email isn't delivered to recipient.

0 Helpful
Customers Also Viewed These Support Documents