Advanced Malware Protection (AMP) is an industry-leading anti-malware technology from Sourcefire, integrated into MX Security Appliances.
AMP is available only in the Advanced Security Edition.
It is important to understand several key concepts with AMP:
A file's disposition is a categorization from the AMP cloud that determines what actions are taken on the file download.
There are three file dispositions:
Sometimes a file's disposition will change, based on new threat intelligence gained by the AMP cloud. This re-classification can also generate retrospective alerts and notifications.
The MX Security Appliance will block HTTP-based file downloads based on the disposition received from the AMP cloud. If the MX receives a disposition of malicious for the file download, it will be blocked. If the MX receives a disposition of clean or unknown, the file download will be allowed to complete.
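As an added illustration of the two rules above (block only on a malicious disposition; raise a retrospective alert when a file that was allowed is later reclassified as malicious), here is example code that is not part of this article or of the MX product; the client addresses, URLs and short hash strings are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List

# Dispositions as the page describes them: only "malicious" is blocked at
# download time; "clean" and "unknown" downloads are allowed to complete.
BLOCKING_DISPOSITIONS = {"malicious"}

@dataclass
class Download:
    client: str        # hypothetical client identifier
    url: str
    sha256: str        # constructed placeholder, not a real file hash
    disposition: str   # disposition returned by the cloud at download time

def decide(disposition: str) -> str:
    """Inline verdict: block on malicious, allow clean and unknown."""
    return "block" if disposition in BLOCKING_DISPOSITIONS else "allow"

def retrospective_alerts(downloads: List[Download],
                         updated: Dict[str, str]) -> List[dict]:
    """Correlate past allowed downloads with re-classified dispositions.

    `updated` maps sha256 -> current disposition from the cloud. An alert is
    raised only when a file that was allowed has since become malicious
    (the retrospective case described above); files that were blocked at
    download time are not reported again.
    """
    alerts = []
    for d in downloads:
        if decide(d.disposition) == "block":
            continue
        current = updated.get(d.sha256, d.disposition)
        if current != d.disposition and decide(current) == "block":
            alerts.append({"client": d.client, "url": d.url,
                           "sha256": d.sha256,
                           "was": d.disposition, "now": current})
    return alerts

# Constructed sample data (not taken from any real AMP event log).
SAMPLE_DOWNLOADS = [
    Download("10.0.0.21", "http://example.com/report.docx", "aa11", "clean"),
    Download("10.0.0.22", "http://example.com/setup.exe", "bb22", "unknown"),
    Download("10.0.0.23", "http://example.com/tool.exe", "cc33", "malicious"),
]
SAMPLE_UPDATES = {"bb22": "malicious", "cc33": "malicious", "aa11": "clean"}

if __name__ == "__main__":
    for a in retrospective_alerts(SAMPLE_DOWNLOADS, SAMPLE_UPDATES):
        print(f"RETROSPECTIVE: {a['sha256']} {a['was']} -> {a['now']} "
              f"downloaded by {a['client']} from {a['url']}")
```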
The supported file types for inspection are:
* This includes the inspection of XML-based Microsoft Office file types (.docx, .xlsx, etc.).
You can enable AMP by setting the Scanning option to Enabled under the Malware detection section in Security Appliance > Configure > Threat protection.
Monitoring of AMP events can be done using the Security Center page under Security Appliance > Monitor > Security Center.
Please see this article for more information on the Security Center.
E-mail alerts can be configured for retrospective malware events in the Network-wide > Configure > General page. To enable these, check the box for Malware is downloaded in the Network Alerts section. This alert will email the configured recipients when a retrospective AMP alert occurs, notifying the administrator that a file that has been downloaded now has a malicious disposition.