Advanced Malware Protection - AMP Summary

The AMP Summary section of the Advanced Malware Protection report page shows file-based threats that were identified by the file reputation service.

To see the users who tried to access each SHA, and the filenames associated with that SHA-256, click a SHA-256 in the table.

You can click on the link in the Malware Threat Files interactive table to view all the instances of the file in Web Tracking that were encountered within the maximum available time range, regardless of the time range selected for the report.

If a file extracted from a compressed or archived file is malicious, only the SHA value of the compressed or archived file is included in the Advanced Malware Protection report.

You can use the AMP Summary section of the Advanced Malware Protection page to view:

• The summary of files that are identified by file reputation service of the Advanced Malware Protection engine, in a graphical format.

• The top malware threat files in a graphical format.

• The top threat files based on the file types in a graphical format.

• A trend graph for all the malware threat files based on the selected time range.

• The Malware Threat Files interactive table that lists the top malware threat files.

• The Files With Retrospective Verdict Change interactive table that lists the files processed by this appliance for which the verdict has changed since the transaction was processed. For more information about this situation, see the documentation for your Web Security appliance.

  In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.

  If multiple Web Security appliances have different verdict updates for the same file, the result with the latest time stamp is displayed.

  You can click on a SHA-256 link to view web tracking results for all transactions that included this SHA-256 within the maximum available time range, regardless of the time range selected for the report.