ESA AMP Verdict Updates

Had an email with a PDF attachment that ESA AMP gave a disposition of LowRisk, then later changed the attachment to Malicious. This is good, but why didn't ESA AMP catch it the first time? I ask this because Talos File Reputation lists the Date Detection Created as 05/01/2018. The e-mail was delivered to us on 3/11/2019.

So why did ESA AMP give the PDF a LowRisk when Talos File Reputation knew about the Malicious Hash for 10 months?

 

SHA256: 87136b978a3bd48adc9e8dfa4875407c80a462681961e202f1deabe5b5ff65cd