cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
418
Views
0
Helpful
3
Replies
Highlighted
Beginner

Ironport - File reputation question

Hi, Enabling the File reputation but not the File analysis would make the ironport to upload all the files to the cloud?

On the documentation it says enabling the file analysis makes the devide upload the file for further inspection but I'd like to know if disabling the file analysis would not upload any file to the amp cloud. On the logs (tail amp) I can see the lines ending with 'upload_action = 1'

Any help please? Thanks

3 REPLIES 3
Highlighted
Cisco Employee

Hi,

Hi,

File reputation alone would not upload files to the cloud for analysis.

There is a reputation keep alive file amp_watchdog.txt which would still appear in the amp logs with upload-action = 1. However I do not suspect other attachments for emails to be uploaded for analsyis with file analysis turned off.

Thanks
Libin

Highlighted
Cisco Employee

To add on to what Libin has

To add on to what Libin has already stated, it is correct that you'll not be uploading files for File Analysis (ThreatGrid) while that feature is disabled. At that point, the only way you'll be receiving information about Malicious files is if the file is already known to the File Reputation servers when scanned, or if you receive a Retrospective Verdict back about a file that was originally identified as Clean/Unknown and we now know it to be Malicious.

We do have on-premise ThreatGrid appliances available if your concern is regarding uploading files to the cloud.

Thanks!

-Dennis M.

Highlighted
Beginner

Thank you both for the help.

Thank you both for the help.

Thanks