Download Firmware Cisco ESA AsyncOS 14.3.0 Refresh

Cisco has released a firmware update for her Email Security Appliances, which are abbreviated to ESA. The technology comes from IronPort Systems, which was purchased by Cisco in 2007. Although that was more than a decade and a half ago, you still hear the name IronPort for these appliances. For the supported upgrade paths, it is advisable to review the documentation or contact Cisco’s TAC. This firmware is called 14.3.0 Refresh and has 14.3.0-032 as the exact version number. The list of innovations looks like this:

What’s New In This Release

Integrating Secure Email Cloud Gateway with Threat Defense
The Threat Defense Connector client connects the Secure Email Cloud Gateway with the Secure Email Threat Defense to scan messages for Advanced Phishing and Spoofing. When you configure the Threat Defense Connector, the Secure Email Cloud Gateway sends a copy of the actual message as an attachment to the Threat Defense portal’s message intake address. The message gets delivered to the user inbox, and advanced scanning completes in the Threat Defense portal.

No Support for Cisco Secure Email Phishing Defense
From this release onwards, as of December 14, 2022, the Cisco Secure Email Phishing Defense (formerly known as Cisco Advanced Phishing Protection) feature will no longer be supported from Secure Email Cloud Gateway 14.3 onwards. For more details, click here. Contact Cisco Technical Assistance for further assistance. Note The above statement does not apply to existing users who have a valid license and are actively using the Cisco Secure Email Phishing Defense feature.

Custom User Role for AMP Configurations
The administrator can define a custom user role that provides access to AMP Configuration, AMP Reports, File Analysis Quarantine, and Message Tracking. The administrator can then assign this custom user role to the delegated administrator.

Consolidated Event Logs Enhancement
In the Consolidated Event Logs, two new fields are added, which can be used to include additional data when integrating your email gateway with the Security Information and Event Management (SIEM) application:
• Custom Log Entries
• Custom Log Headers
You can use the two fields to add a custom header, custom log entry, or both in Consolidated Event Logs. Note You can add only 25 custom log headers in Consolidated Event Logs.

Using only User-defined Passphrases to open Password-protected Attachments
From this release onwards, you can choose to use only the user-defined passphrases created in your email gateway to open password-protected attachments in incoming and outgoing messages.

Changes in Behavior

Message Tracking – Remediation Action Changes
[Before this Release]: In the Message Tracking > Remediate > Confirm Remediation Action dialog box, you could enter any special characters in addition to ‘az,’ ‘AZ, ‘ and ‘0-9’ characters for the ‘Remediation Batch Name’ and ‘Description’ fields .
[From this Release onwards]: In the Message Tracking > Remediate > Confirm Remediation Action dialog box, you can only enter ‘az,’ ‘AZ, ‘ ‘0-9,’ ‘_,’ ‘-‘ characters, and spaces for the ‘Remediation Batch Name’ and ‘Description’ fields.

Changes to Default Log Level Selected for Audit Logs
[Before this Release]: When you would create an ‘Audit log’ log subscription using the web interface or the CLI, the ‘Information’ option would be selected as the default log level.
[From this Release onwards]: When you create an ‘Audit log’ log subscription using the web interface or the CLI, the ‘Debug’ option is selected as the default log level. You can change the log level option if required.

Content Scanner – Maximum File Size Scan Limit Changes
[Before this Release]: The Content Scanner in your email gateway would scan the text contents of the message attachment, even if the size of the extracted text from the attachment exceeded the configured maximum file size scan limit.
[From this Release onwards]: The Content Scanner only scans the extracted text contents of the message attachment based on the configured maximum file size scan limit. The remaining text contents that exceed the configured maximum file size scan limit are truncated.
For Example: You configured the maximum file size limit as 5 MB, and the text contents extracted from the message attachment are more than 5 MB (for example, ‘8 MB’). The Content Scanner only scans the text contents of a 5 MB file size and truncates the remaining 3 MB file size

Changes in uploading HTML and Octet-stream Files for File Analysis
[Before this release]: The email gateway could only upload HTML and Octet-stream files (mime type – application/octet-stream and text/html) to the File Analysis server if the file extensions were selected for file analysis.
[From this release onwards]: The email gateway can now upload the HTML and Octet-stream files to the File Analysis server for file analysis, even if the file extensions are not selected for file analysis.
Note: As the number of files uploaded to the File Analysis server may increase, the email gateway could potentially reach the file upload limit of the file analysis server quickly.

Changes in uploading Archived Files for File Analysis
[Before this release]: When the AMP engine failed to extract the archive files (including password-protected archived attachments) from a message, the attachments would not be uploaded to the File Analysis server.
[From this release onwards]: When the AMP engine fails to extract the archive files (including password-protected archived attachments) from a message, the attachments are now uploaded to the File Analysis server for file analysis.
Note: As the number of files uploaded to the File Analysis server may increase, the email gateway could potentially reach the file upload limit of the file analysis server quickly.

Known and Fixed Issues

Use the Cisco Bug Search Tool to find information about known and fixed defects in this release. Known Issues and Fixed Issues.