
AMP | W32.Auto:495cbd.TG.VRT

John
Level 1

We are trying to understand why it took around four (4) days for the file analysis to determine the disposition of the unknown file with network trajectory below (screenshot). Please have someone take a closer look at our IPS and provide comprehensive details.

1 Reply

atatistc
Cisco Employee

The only way to determine that is to open a case with TAC to track the conviction of this specific file. There are several reasons why a file is "unknown" for a period of time before being convicted. It might be seconds, minutes or days before the file is uploaded by a customer to the Threatgrid sandbox or convicted by some other means. Until we can get our hands on the file or it is convicted by a trusted third party, it will remain unknown. There's no way to tell the history for this specific PDF from the event posted.