Meraki Community

Vladimiry_JSC · ‎Dec 6 2017

Hello,

I would like to know how AMP responds to emails coming in with malicious links. I received an email with no attachments just a malicious link with a file. I did not click on it but I used some Reconnaissance methods to justify that is was malicious. Meraki AMP detected that it blocked the virus from my PC. I am wondering how it does that? Does it analyze the link ahead of time?

Thank you,

Vlad

PhilipDAth · ‎Dec 6 2017

No it doesn't look at links in email.

At the time you click on the link, and if it is an http request, then AMP will analyse the content being downloaded.

Often Content Filtering is a better way to deal with these. I use Content Filtering to block these categories (purely for security reasons):

Bot Nets

Illegal

Malware Sites

Proxy Avoidance and Anonymizers

View solution in original post

PhilipDAth · ‎Dec 6 2017