FTD file event/malware performance reporting?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2018 07:17 PM - edited 03-08-2019 05:46 PM
How can check the impact of AMP/FTD lookups on connections? On tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout.
Is there any way to tell if incoming connections are getting dropped/timeouts because of malware lookups?
When I check file events, I see a few "Cloud Lookup Timeout" but it's not that many.
I'm scanning everything, and doing Spero, Dynamic and Local analysis. I have capacity handling enabled.
- Labels:
-
Other AMP Topics

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2018 06:38 AM
Hi There,
FTD does not block any connection if the file policy cannot do the lookup or it fails.
The file would only be blocked when the system identifies that the its malicious and you have configured it to be blocked.
You can check health alert which should generate alert if there is lookup failure.
It can also be checked from CLI logs if there are failures.
Hope that helps.
Yogesh
