File Analysis issue

yevgen1991
Level 1

Hi all.

 

So, I configured the File Analysis menu tab to send *.jar files to File Analysis. I checked the logs and see:

upload_action = Recommended to send the file for analysis

But after this log I do not see a log showing that the file was sent to File Analysis.

And I have no other error logs from ESA.

 

Why aren't my files going to analytics?

 

Thanks!

4 Replies

yevgen1991
Level 1

logs:FA.jpg

Libin Varghese
Cisco Employee

You may want to look at the AMP logs on the ESA for the SHA in question to see if there are any additional details logged.

You also mentioned enabling .jar file analysis; however, the logs are for an .exe attachment, so is that enabled as well?

 

Regards,

Libin

yevgen1991
Level 1

@Libin Varghese, I resolved my issue.

But I have a question.

My "Threshold setting" is 95. What happens if the SCORE is over 95? Will I receive a mail notification? And in general, will I receive a file if it has not been verified yet? Or will I get it only after File Analysis verification passes well, and if the point is less than 95?

Thanks!

Libin Varghese
Cisco Employee

The threshold score of 95 is compared against the score received after file analysis.

Anything over that threshold would be considered malicious by AMP and the configured action in mail policies would be performed on that email.

 

Regards,

Libin