Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
1
Helpful
2
Replies

Question about AMP Quarantine on the Cisco ESA / SEG

Amen
Level 1
Level 1

‎03-10-2023 01:24 AM

we've activated AMP incl. File Analysis on our Cisco SEGs. However we're a bit concerned about the understanding of the "File Analysis" Quarantine and the time frame which we should use for releasing messages. For sure we want to reduce the delay of incoming emails to a minimum.
Is there some kind of a best practice documentation about this feature? 

0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎03-10-2023 03:58 AM

Default is 10 minutes, which works for us.
You want to give TG time to actually execute the file and let it do its thing.

You want have Mailbox Automatic Remediation configured so if its released, and gets marked bad later, the ESA can pull it from the mailbox.

Amen
Level 1
Level 1
In response to Ken Stieers

‎03-16-2023 11:54 PM

ok, at the moment we’ve configured it to 15 minutes and don’t face any issues.

Do you think we should reduce it to 10 minutes or stick with the 15 minutes?

Would there be any benefit to go for 10 compared to 15 minutes?

0 Helpful
Customers Also Viewed These Support Documents