How can I check the impact of AMP/FTD lookups on connections? In tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout.
Is there any way to tell if incoming connections are getting dropped/timeouts because of malware lookups?
When I check file events, I see a few "Cloud Lookup Timeout" but it's not that many.
I'm scanning everything, and doing Spero, Dynamic and Local analysis. I have capacity handling enabled.
FTD does not block any connection if the file policy cannot do the lookup or it fails.
The file would only be blocked when the system identifies that it's malicious and you have configured it to be blocked.
You can check the health alerts, which should generate an alert if there is a lookup failure.
It can also be checked from CLI logs if there are failures.
Hope that helps.