cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1404
Views
0
Helpful
3
Replies

ESA Error: Retrospective verict received

Hi,

i often get the following alert message from or ESA.

How can i check which email is affected or what does the error message exactly mean? Thanks for your help.

lg

Herbert

Message:

The Info message is:

 

Retrospective verdict received. SHA256: 48e556de275d4917be7556a337ae390e4eb3133fc2c7fcbd3e32ce2304e81efb, Verdict: malicious, Reputation Score: 0, Spyname: W32.Auto.48e556.MASH.SR.SBX.VIOC

 

Version: 9.1.0-032

Serial Number: 4222DBC341F4D7E4D812-A8A488F3B03D

Timestamp: 23 May 2016 15:27:47 +0200

 

To learn more about alerts, please visit our Knowledge Base. In many cases, you can find further information about this specific alert.  Please click the Knowledge Base link after logging into our Support Portal at:

1 ACCEPTED SOLUTION

Accepted Solutions
Engager

Grab the SHA and go to

Grab the SHA and go to message tracking.  There's a field you can paste it in under Advanced 

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Hi Herbert,

Hi Herbert,

You have received this message because most likely you have configured your appliance to send "Anti-Virus and AMP" alerts at Info level.

You can review your configuration from the webUI(GUI) > System Administration > Alerts.

Informational alerts are generated in the routine functioning of this device. Said that, the message you received simply indicates that AMP is working as expected and classified an email with Verdict: malicious.

So everything is running fine, it's just an informational Alert. 

Regards

Raed

Do you know if there is an

Do you know if there is an easy way to track who would have received the message that now contains the malicious attachment.?

Nirender

Engager

Grab the SHA and go to

Grab the SHA and go to message tracking.  There's a field you can paste it in under Advanced 

View solution in original post