Advanced Malware Protection – File Analysis

The Advanced Malware Protection - File Analysis page shows the time and verdict (or interim verdict) for each file sent for analysis. The appliance checks for analysis results every 30 minutes.

To view more than 1000 File Analysis results, export the data as a .csv file.

For deployments with an on-premises Cisco AMP Threat Grid Appliance: Files that are inluded in the allowed list on the AMP Threat Grid appliance show as "clean". For information about allowed list, see the AMP Threat Grid documentation or online help.

Drill down to view detailed analysis results, including the threat characteristics for each file.

You can also search for additional information about an SHA, or click the link at the bottom of the file analysis details page to view additional details on the server that analyzed the file. For more information, see Identifying Files by SHA-256 Hash.

If your access privileges allow you to view Message Tracking data for the messages that populate this report, click the Details link in the table.

To view details on the server that analyzed a file, see Requirements for File Analysis Report Details.

If a file extracted from a compressed or archived file is sent for analysis, only the SHA value of the extracted file is included in the File Analysis report.

You can use the File Analysis view of the Advanced Malware Protection report page to view:

• The number of incoming and outgoing files that are uploaded for file analysis by file analysis service of the Advanced Malware Protection engine.

• A list of incoming and outgoing files that have completed file analysis requests.

• A list of incoming and outgoing files that have pending file analysis requests.