File reputation filtering and the cloud

Hi,

If I turn on file reputation filtering on the ESA but skip the File analysis part, what kind of data is then going to the cloud, if any? Just the hash of the file or what? I've tried to find some official document clarifying this in detail but haven't found any. I've just found high-level descriptions and configuration how-tos.

I would like to turn at least file reputation filtering on, but I have to present it and explain in detail what data is exchanged or sent to the cloud before that to guys in our security department. Then, if they say yes I can hopefully turn it on.

 

Grateful for any help.

 

Micke

Accepted Solutions

Yes, for File Reputation just the SHA256 of files is looked up against the cloud data.
File Analysis sends the files it's unsure of for them to be executed in the ThreatGrid cloud and the results sent back. If you do this you can get a free "Device Management" ThreatGrid account so you can see what's going on there.
There is an ON-PREM ThreatGrid box available if that's a thing you might want...
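
To make the answer above concrete for a security review, this added example (not from the original thread and not Cisco code) computes the SHA-256 of each attachment in a constructed message, which per the answer is the value a File Reputation lookup is keyed on. The sample message, filenames and function names are assumptions, and the code does not reproduce the ESA's actual lookup protocol.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage


def build_sample_message() -> bytes:
    """Constructed sample mail with two attachments (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed sample bytes",
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"A" * 1_000_000,
                       maintype="application", subtype="octet-stream",
                       filename="large.bin")
    return msg.as_bytes()


def attachment_digests(raw: bytes) -> dict:
    """Map attachment filename -> (size in bytes, SHA-256 hex digest)."""
    result = {}
    for part in message_from_bytes(raw).walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True)  # undo base64 transfer encoding
        result[part.get_filename()] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def lookup_footprint(raw: bytes) -> tuple:
    """(total attachment bytes, total digest bytes) for a hash-only lookup."""
    digests = attachment_digests(raw)
    file_bytes = sum(size for size, _ in digests.values())
    digest_bytes = 32 * len(digests)  # a SHA-256 digest is always 32 bytes
    return file_bytes, digest_bytes


if __name__ == "__main__":
    raw = build_sample_message()
    for name, (size, digest) in attachment_digests(raw).items():
        print(f"{name}: {size} bytes -> {digest}")
    print("file bytes vs digest bytes:", lookup_footprint(raw))
```

A digest carries none of the content of a file the service has never seen, but it does let the service recognise a file it already knows.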

3 Replies

Hi,

Thanks for your answer. I have read that one, but it's quite "high flying" I think and there is no clear distinction between File Reputation Filtering and File Analysis. It also takes for granted you should use them both. I would like to know a bit more detail primarily about File Reputation Filtering since I don't think they will allow sending files to the cloud.

 

Thank you all the same.

Regards

Micke