Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1243
Views
5
Helpful
2
Replies

Cisco ESA AMP - Upload Delay

jsheehy13
Level 1
Level 1

‎02-05-2018 06:43 AM - edited ‎03-08-2019 07:32 PM

So we have been running the AMP add-on for our Cisco Cloud Email Security appliance.  We have noticed (and so have users) that when an email is needed to be uploaded to TALOS for analysis.  There is an average of a 5-7 minute delay before a verdict is received.

 

Does anyone have any recommendations on how to convey to the user population that their email has been flagged for further analysis?  A 5-7 minute delay may be by design, but it is a very long amount of time if someone is on the phone and waiting for an email to show up.

 

Suggestions?

2 people had this problem
Labels:
0 Helpful
2 Replies 2

jsheehy13
Level 1
Level 1

‎02-05-2018 09:03 AM

Also to note we set the "pending analysis" to quarantine, and then through an X-Header into this value stating that it has been uploaded.  I then created a content filter to notify the user that the attachment has been uploaded for analysis.  This does not work because the message does not get tot he content filters until after the response comes back from Cisco.....let me know if anyone has some better ideas.

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to jsheehy13

‎02-05-2018 10:40 PM

Using the custom header was the only workaround I could think of, however it currently does not work as expected as mentioned in the below defect.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux11769/?reffering_site=dumpcr

 

Regards,

Libin Varghese

Customers Also Viewed These Support Documents