Field Notice: FN74351 - Cisco Secure Web Appliance: Legacy Protocol for AMP File Reputation Going End of Life - Software Upgrade Recommended

Available Languages

Updated:February 24, 2026

Document ID:FN74351

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Medium

Impact Rating:

Medium

First Published:

2026-Feb-24

Last Published:

2026-Feb-24

Revision:

1.0

Cisco Bug IDs:

CSCws20676

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected

Affected Software Product	Affected Release	Affected Release Number
AsyncOS for WSA	10	10.0.0, 10.0.0-142, 10.0.0-233, 10.1.0, 10.1.0-204, 10.1.0-270, 10.1.1, 10.1.1-235, 10.1.2, 10.1.2-036, 10.1.2-050, 10.1.3, 10.1.3-039, 10.1.3-054, 10.5.0, 10.5.0-358, 10.5.1, 10.5.1-270, 10.5.1-296, 10.5.1_LD, 10.5.1_LD-270, 10.5.2, 10.5.2-061, 10.5.2-072, 10.5.3, 10.5.6, 10.5.6-022, 10.6.0
AsyncOS for WSA	11	11.0.0, 11.0.0-641, 11.5.1, 11.5.1-115, 11.5.1-124, 11.5.1-125, 11.5.3, 11.5.3-016, 11.7.0, 11.7.0-406, 11.7.0-418, 11.7.1, 11.7.1-006, 11.7.1-020, 11.7.1-049, 11.7.2, 11.7.2-011, 11.8.0, 11.8.0(refresh), 11.8.0(refresh)-429, 11.8.0-414, 11.8.0-429, 11.8.0-453, 11.8.0-453-453, 11.8.1, 11.8.1-023, 11.8.3, 11.8.3-018, 11.8.3-021, 11.8.4, 11.8.4-004
AsyncOS for WSA	12	12.0.1, 12.0.1 GD, 12.0.1 GD-334, 12.0.1-268, 12.0.1-334, 12.0.2-004, 12.0.2-012, 12.0.3, 12.0.3-005, 12.0.3-007, 12.0.4, 12.0.4-002, 12.0.5-011, 12.5.1, 12.5.1 GD, 12.5.1 GD-043, 12.5.1-011, 12.5.1-043, 12.5.2, 12.5.2-007, 12.5.2-011, 12.5.3, 12.5.3-002, 12.5.4-005, 12.5.4-011, 12.5.5-004, 12.5.5-005, 12.5.5-008, 12.5.6-008
AsyncOS for WSA	14	14.0.1 GD, 14.0.1 GD-053, 14.0.1 GD-503, 14.0.1 LD, 14.0.1 LD-014, 14.0.1 LD-040, 14.0.1-014, 14.0.1-040, 14.0.1-053, 14.0.1-503, 14.0.2

Defect Information

Defect ID	Headline
CSCws20676	End of support for AMP file reputation integrations using the legacy protocol in SWA

Problem Description

Cisco is ending support for the legacy communication protocol that is used by Cisco Secure Web Appliance to interact with the Cisco Advanced Malware Protection (AMP) File Reputation service. The legacy protocol will be disabled by the end of April 2026. After this date, any Cisco Secure Web Appliance that is running a Cisco AsyncOS Software release that still uses the legacy protocol will fail to upload files to the AMP File Reputation service for reputation scoring.

Background

Cisco is sunsetting support for AMP file reputation integrations (SHA lookups) that use the legacy protocol through libimcloud. Cisco Secure Web Appliance has incorporated the next-generation AMPKit APIs starting with Cisco AsyncOS Software releases 15.2.4 and 15.5. Migration to these newer APIs is necessary because the legacy protocol-based AMP file reputation integration will be discontinued.

Problem Symptom

Cisco Secure Web Appliance administrators who are subscribed to AMP alerts will observe communication warning alerts and binary scan error alerts related to the AMP File Reputation service. These alerts will appear in both the web UI and CLI interfaces.

To view alerts from the web UI, go to System Administrator > Alerts > View Top Alerts.

To view alerts from the CLI, use the displayalerts command.

Workaround/Solution

To avoid disruption of the AMP File Reputation service, Cisco recommends upgrading your Cisco Secure Web Appliance to Cisco AsyncOS Software Release 15.2.4, 15.5, or later. These releases use the updated AMPKit APIs.

For instructions on how to upgrade, see the AsyncOS for Web Upgrades and Updates section in the Cisco Secure Web Appliance User Guide for detailed upgrade instructions.

How to Identify Affected Products

To see the current Cisco AsyncOS Software release that is running on Cisco Secure Web Appliance:

Log in to the web UI. The login page displays the current AsyncOS version.
Log in at the CLI. The welcome message displays the current AsyncOS version. Alternatively, use either the version or the ipcheck command.

Revision History

Version	Description	Section	Date
1.0	Initial Release	—	2026-FEB-24

For More Information

For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:

Receive Email Notification About New Field Notices

To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Secure Web Appliance Virtual