Advanced Malware Protection – AMP Reputation

The Advanced Malware Protection - AMP Reputation page shows incoming and outgoing file-based threats that were identified by the file reputation service.

For files with changed verdicts, see the AMP Verdict updates report. Those verdicts are not reflected in the Advanced Malware Protection report.

If a file extracted from a compressed or archived file is malicious, only the SHA value of the compressed or archived file is included in the Advanced Malware Protection report.

The Incoming files handled by AMPsection shows the incoming malware files by different categories such as malicious, clean, unknown, unscanable, and low risk.

Incoming malicious files are categorized as the following:

  • The percentage of blocked listed file SHAs received from the AMP reputation server that are categorized as Malware.

  • The percentage of blocked listed file SHAs received from the AMP for Endpoints console that are categorised as Custom Detection. The threat name of a blocked listed file SHA obtained from AMP for Endpoints console is displayed as Simple Custom Detection in the Incoming Malware Threat Files section of the report.

  • The percentage of blocked listed file SHAs based on the threshold settings that are categorised as Custom Threshold.

You can click on the link in the More Details section of the report to view the file trajectory details of a blocked listed file SHA in the AMP for Endpoints console.

You can view the Low Risk verdict details in the Incoming Files Handed by AMP section of the report.

You can use the AMP Reputation view of the Advanced Malware Protection: Incoming report page to view:

  • The summary of incoming files that are identified by file reputation service of the Advanced Malware Protection engine, in a graphical format.

  • A trend graph for all the incoming malware threat files based on the selected time range.

  • The top incoming malware threat files.

  • The top incoming threat files based on the file types.

  • The Incoming Malware Threat Files interactive table that lists the top incoming malware threat files.

    Drill down to view detailed analysis results, including the threat characteristics for each file.

    If your access privileges allow you to view Message Tracking data for the messages that populate this report, click a blue number link in the table.

You can use the AMP Reputation view of the Advanced Malware Protection: Outgoing report page to view:

  • The summary of outgoing files that are identified by file reputation service of the Advanced Malware Protection engine, in a graphical format.

  • A trend graph for all the outgoing malware threat files based on the selected time range.

  • The top outgoing malware threat files.

  • The top outgoing threat files based on the file types.

  • The Outgoing Malware Threat Files interactive table that lists the top outgoing malware threat files that are identified by the file reputation service.

    Drill down to view detailed analysis results, including the threat characteristics for each file.

    If your access privileges allow you to view Message Tracking data for the messages that populate this report, click a blue number link in the table.