Advanced Malware Protection - File Analysis

The File Analysis section of the Advanced Malware Protection report page shows the time and verdict (or interim verdict) for each file sent for analysis. The appliance checks for analysis results every 30 minutes.

For deployments with an on-premises Cisco AMP Threat Grid Appliance: Files that are included in the allowed list on the Cisco AMP Threat Grid appliance show as "clean." For information about the allowed list, see the AMP Threat Grid online help.

Drill down to view detailed analysis results, including the threat characteristics and score for each file.

You can also view additional details about an SHA directly on the server that performed the analysis by searching for the SHA or by clicking the Cisco AMP Threat Grid link at the bottom of the file analysis details page.

To view details on the server that analyzed a file, see Requirements for File Analysis Report Details.

If a file extracted from a compressed or archived file is sent for analysis, only the SHA value of the extracted file is included in the File Analysis report.
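
Because the report lists only the SHA of the extracted file, tracing a report entry back to the archive it came from means hashing the archive's members yourself. The following added example (not part of the product or its documentation) does this for ZIP archives, assuming the SHA shown in the report is a SHA-256 digest; the function names, the size and depth limits, and the `!/` path separator are illustrative choices.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed cap; larger members are not hashed
MAX_DEPTH = 3                        # assumed limit on nested archives

def member_hashes(archive, prefix="", depth=0):
    """Map each file inside a ZIP (and nested ZIPs) to its SHA-256 hex digest."""
    hashes = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                hashes[path] = None  # too large to hash in memory
                continue
            data = zf.read(info)
            hashes[path] = hashlib.sha256(data).hexdigest()
            inner = io.BytesIO(data)
            # Descend into nested archives, bounded by MAX_DEPTH.
            if depth < MAX_DEPTH and zipfile.is_zipfile(inner):
                inner.seek(0)
                hashes.update(member_hashes(inner, path + "!/", depth + 1))
    return hashes

def find_member(archive, reported_sha):
    """Return the member paths whose SHA-256 equals the SHA from the report."""
    wanted = reported_sha.strip().lower()
    return [p for p, h in member_hashes(archive).items() if h == wanted]

def build_sample():
    """Constructed sample: an outer ZIP holding a text file and a nested ZIP."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as zf:
        zf.writestr("payload.bin", b"constructed nested sample")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("docs/readme.txt", b"constructed sample")
        zf.writestr("inner.zip", nested.getvalue())
    outer.seek(0)
    return outer

if __name__ == "__main__":
    sha = hashlib.sha256(b"constructed nested sample").hexdigest()
    print(find_member(build_sample(), sha))
```

Pass a path or file object for the original archive and the SHA copied from the report; an empty list means no member up to the configured depth and size limits matches.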

You can use the File Analysis section of the Advanced Malware Protection report page to view:

  • The number of files that are uploaded for file analysis by the file analysis service of the Advanced Malware Protection engine.

  • A list of files that have completed file analysis requests.

  • A list of files that have pending file analysis requests.