05-30-2016 06:35 AM
Hi,
i often get the following alert message from or ESA.
How can i check which email is affected or what does the error message exactly mean? Thanks for your help.
lg
Herbert
Message:
The Info message is:
Retrospective verdict received. SHA256: 48e556de275d4917be7556a337ae390e4eb3133fc2c7fcbd3e32ce2304e81efb, Verdict: malicious, Reputation Score: 0, Spyname: W32.Auto.48e556.MASH.SR.SBX.VIOC
Version: 9.1.0-032
Serial Number: 4222DBC341F4D7E4D812-A8A488F3B03D
Timestamp: 23 May 2016 15:27:47 +0200
To learn more about alerts, please visit our Knowledge Base. In many cases, you can find further information about this specific alert. Please click the Knowledge Base link after logging into our Support Portal at:
Solved! Go to Solution.
07-15-2016 05:47 AM
Grab the SHA and go to message tracking. There's a field you can paste it in under Advanced
05-30-2016 06:49 AM
Hi Herbert,
You have received this message because most likely you have configured your appliance to send "Anti-Virus and AMP" alerts at Info level.
You can review your configuration from the webUI(GUI) > System Administration > Alerts.
Informational alerts are generated in the routine functioning of this device. Said that, the message you received simply indicates that AMP is working as expected and classified an email with Verdict: malicious.
So everything is running fine, it's just an informational Alert.
Regards
Raed
07-15-2016 04:32 AM
Do you know if there is an easy way to track who would have received the message that now contains the malicious attachment.?
Nirender
07-15-2016 05:47 AM
Grab the SHA and go to message tracking. There's a field you can paste it in under Advanced
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide