ESA w/ Advanced Malware Protection - File Analysis turnaround time?

Rachel Bautista
Level 1

For those of you utilizing the ESA's Advanced Malware Protection feature keys and sending documents to the cloud for file analysis, what are the average turnaround times you see?  I'm needing to provide the average time it will take for a document to be scanned and released if clean.  Also, can anyone give me the percentage of attachments they see needing to be sent for analysis vs already known by Threat Grid so they don't have to be sent off to the cloud?

Thanks!

Rachel Bautista

5 Replies

Libin Varghese
Cisco Employee

Hi Rachel,

Under normal load the turnaround time to obtain a verdict from the file analysis server could be anywhere between 5 and 15 minutes.

AMP allows customers to either delay emails until a verdict is received or to deliver emails immediately without waiting for the file analysis verdict.

I do not think a percentage of attachments that need to be uploaded would be known as it varies across organizations.

Thank You!

Libin Varghese

Thank you Libin.  I am aware of the average turnaround time based on an answer I received from support.  I was hoping to find out from other organizations what their experience was.  

So far, my testing does seem to indicate an approximate average turnaround of 10 minutes. However, the only way I could get test messages to go for File Analysis was to password-protect them, which may have added a couple of minutes.

If there are any users of the product that can tell me what their experience is regarding percentage of attachments which have to be sent for further analysis I am still interested in that data.  Additionally, if you can tell me if you see many non-malicious files sent for analysis and what might cause that I would also be interested.  Our ownership is concerned about email delivery delay in certain areas of our organization that rely on very timely delivery.

Thank you,

Rachel

How can you delay the delivery? By sending it to quarantine if file analysis is pending? If I do this, once the verdict is received that the file is malicious, will the ESA drop the message or not take any action?

Hello,

That's correct. There will be a delay in delivery if you configure messages pending File Analysis to be sent to the quarantine. For the action, you can set that within the mail policy settings.

More info: here

Thanks!

-Dennis M.