
FTD file event/malware performance reporting?

jmorrison_bcp
Level 1

How can I check the impact of AMP/FTD lookups on connections? In tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout.

 

Is there any way to tell if incoming connections are getting dropped or timing out because of malware lookups?

 

When I check file events, I see a few "Cloud Lookup Timeout" but it's not that many.

I'm scanning everything, and doing Spero, Dynamic and Local analysis. I have capacity handling enabled.

 

 

 


yogdhanu
Cisco Employee

Hi There,

 

FTD does not block any connection if the file policy cannot do the lookup or it fails.

The file would only be blocked when the system identifies that it is malicious and you have configured it to be blocked.

You can check the health alerts, which should generate an alert if there is a lookup failure.

It can also be checked from CLI logs if there are failures.

 

Hope that helps.

Yogesh
