Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2081
Views
5
Helpful
4
Replies

File Analysis issue

yevgen1991
Level 1
Level 1

‎12-23-2020 08:17 AM

Hi all.

 

So, i configured the File Analysis menu tab to send *.jar files to File Analisys. I check logs, and see : 

upload_action = Recommended to send the file for analysis

But after this log I do not see the log, that the file was send to File Analysis.

And I have no other error logs from ESA.

 

Why aren't my files going to analytics?

 

Thanks!

Labels:
0 Helpful
4 Replies 4

yevgen1991
Level 1
Level 1

‎12-23-2020 08:25 AM

logs:FA.jpg

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee

‎01-03-2021 10:44 PM

You may want to look at amp logs on the ESA for the SHA in question to see if there are any additional details logged.

You also mentioned enabling .jar file analysis, however the logs are for an .exe attachment so is that enabled as well?

 

Regards,

Libin

0 Helpful

yevgen1991
Level 1
Level 1

‎01-06-2021 10:15 AM

@Libin Varghese , I resolve my issue.

But i have a question.

My "Threshol setting" is 95. What happens if the SCORE is over 95? Will I receive a mail notification? And in general, will I receive a file if it has not been verified yet? Or will I get it only after File Analysis verification passes well, and if the point is less than 95?

Thanks!

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee

‎01-06-2021 07:01 PM

The threshold score of 95 is compared against the score received after file analysis.

Anything over that threshold would be considered malicious by AMP and the configured action in mail policies would be performed on that email.

 

Regards,

Libin

Customers Also Viewed These Support Documents