Hello, sometimes we see that, even though AMP has identified an attachment as "malicious", the mail is delivered to the user's inbox from the AMP quarantine on SMA. There is no indication of the behavior in the logs (per-day limit is also not reached at this time...
Hello, we see an increasing count of PDF attachments which contain links to malicious URLs. All security measures fail. AMP doesn't scan/upload the PDF because of non-existing active/dynamic contents. Is there any way to detect such URLs inside of PDF a...
Hello,
sometimes I see that a website is blocked by our WSA due to a bad reputation score.
Then I'd like to submit the URL to get a re-check by Cisco. But the online check results in a "neutral" status.
Has anybody seen this issue before?
Attached a...
I am sorry to disagree, but this is still wrong. To prove this I have created the following message filter: Detect_AMP_after_analysis: if (remote-ip == "<IP_of_SMA>") AND ((header('X-AMP-Result') == 'MALICIOUS') OR (header('X-AMP-CustomResult') == 'MAL...
Hi, this is wrong. Released emails from SMA do not go through any filters (no message filter, no content filter, ...), since these filters do not exist on the SMA. The mails are relayed directly from SMA to Exchange.
Hi, I suspect I have found the reason for this behavior: AMP only supports "deliver as is" or "drop" for positively detected mails/attachments. Since we have decreased the threshold value for AMP scoring and the fact that this also results in false pos...
Hi, thanks for your reply! I do not believe this has something to do with PVO settings, since this does not affect all emails. The email in question remained about 7 minutes in the "File Analysis" PVO. What is also striking is the fact that this obvio...