File Analysis Quarantine Question

sdonovan123
Level 1

Hello,

We just moved to using AMP and had a question regarding the quarantine. Currently, when files are being checked, they are placed into the File Analysis quarantine for 30 minutes and then released. Is this in line with best practice, or how should I have it set up?

Thanks!

Shawn


Libin Varghese
Cisco Employee

Shawn,

The default configuration of 60 mins is certainly recommended practice; however, it can be customized as per requirement.

The file analysis quarantine is dynamic and acts as a temporary holding space while the file is analyzed on the cloud.

If the response from the cloud server deems the file safe, the file would be released immediately without completing the 30/60 minute retention time.

Thanks

Libin Varghese

One last question. Should the default action after 60 minutes be delete or release?

Thanks!

Shawn

The default action is release.

This is so that no legitimate emails are lost and if an email was unable to obtain a verdict even after 60 minutes it is allowed through.

- Libin V