PDF(10.5 KB) View with Adobe Reader on a variety of devices
ePub(84.9 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(71.2 KB) View on Kindle device or Kindle app on multiple devices
Updated:September 10, 2020
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
The Email Security Appliance (ESA) uses the Advanced Malware Protection (AMP) feature which contains two main functions:
File Analysis uploads message attachments for sandbox analysis to ThreatGrid Cloud servers.
Understand the "Upload Limit Reached" Alert
Message Tracking can show emails were unscanned by Advanced Malware Protection (AMP) because they reached the upload limit.
02 Dec 2019 14:11:36 (GMT +01:00) Message 12345 is unscannable by Advanced Malware Protection engine. Reason: Upload Limit Reached
In the new ThreatGrid sample limits model, these limits are the number of samples that devices are allowed to upload for file analysis on per organization basis. All integrated devices (WSA, ESA, CES, FMC, etc.) as well as AMP for Endpoints are entitled to 200 samples per day, regardless of the number of devices.
This is a shared limit (not a limit per device), and this applies to licenses bought after 12/1/2017.
Note: This counter is not reset every day, instead, this works as a 24 hours roll over period.
In a cluster of 4 ESAs with a 200 upload samples limit, if the ESA1 uploads 80 samples at 10:00 today, then, only 120 more samples can be uploaded among the 4 ESAs (shared limit) from today at 10:01 until tomorrow at 10:00, when the first 80 slots are released.
How can you Check the Number of Samples your ESAs have Uploaded in the past 24 Hours?
ESA: Navigate to Monitor > AMP File Analysis report and check the Files Uploaded for Analysis section.
SMA: Navigate to Email > Reporting > AMP File Analysis report and check the Files Uploaded for Analysis section.