Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2007
Views
0
Helpful
1
Replies

FTD file event/malware performance reporting?

jmorrison_bcp
Level 1
Level 1

‎02-08-2018 07:17 PM - edited ‎03-08-2019 05:46 PM

How can check the impact of AMP/FTD lookups on connections? On tests I've done, sometimes the scanning slows connections down. I need to be sure this doesn't cause a timeout.

 

Is there any way to tell if incoming connections are getting dropped/timeouts because of malware lookups?

 

When I check file events, I see a few "Cloud Lookup Timeout" but it's not that many.

I'm scanning everything, and doing Spero, Dynamic and Local analysis. I have capacity handling enabled.

 

 

 

Labels:
0 Helpful
1 Reply 1

yogdhanu
Cisco Employee
Cisco Employee

‎02-28-2018 06:38 AM

Hi There,

 

FTD does not block any connection if the file policy cannot do the lookup or it fails.

The file would only be blocked when the system identifies that the its malicious and you have configured it to be blocked.

You can check health alert which should generate alert if there is lookup failure.

It can also be checked from CLI logs if there are failures.

 

Hope that helps.

Yogesh

0 Helpful
Customers Also Viewed These Support Documents