SEC0172 - ASA FirePower Malware Detection (Part 2)

Rating: 5 (average of 5 votes)
Difficulty Level: 0
The video demonstrates the ability of Cisco ASA FirePower to detect and block malware files. We will look at how a file, specifically an executable, is determined to contain malware. We will submit a file with an unknown disposition for further cloud analysis, explain the meaning of the threat score, and review the file analysis report. Finally, we will introduce the Clean and Detection lists and show how they can be used to override the default malware detection behavior.

Part 2 of this video goes through the Clean and Detection lists, the threat score, and possible integration with Endpoint FireAMP.

Topic:
  • File Malware Detection and Blocking
  • File Malware Dynamic and Spero Analysis
  • File Trajectory
  • File Capture and SHA256 Digest
  • File Clean and Detection List
  • Threat Score and Cloud Analysis Report
  • Endpoint FireAMP Integration

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

6 comments

When malware is detected can the system display a webpage indicating the reason why the download stopped?

To our knowledge, it is not possible. FP will silently drop the traffic and generate a log entry.

Hello, what happens when we chose the Block Malware with Dynamic Analysis option and the system detects a file with unknown disposition? Will it send it to the cloud and wait until the answer comes, or pass the first packet and send a copy to the cloud for further detection?

Firepower never blocks the first file with unknown disposition. Only when the dynamic analysis result comes back as malware will the subsequent file be blocked.

How long does Firepower store malware & unknown files? Are these files auto-deleted? I see it's consuming disk space.

FMC stores files until the allocated disk space is filled and then starts deleting the oldest files. You can also install a malware storage pack to increase capacity.
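The file-disposition behavior described in the video summary and in the comment above (Clean and Detection list overrides, SHA256-keyed lookups, and the first unknown-disposition file passing while a copy goes for dynamic analysis) can be modeled as a small policy simulator. This is an added illustration, not Cisco's or labminutes' code; the class name, the 75-point threat-score threshold and the sample bytes are constructed assumptions.

```python
import hashlib

CLEAN, MALWARE, UNKNOWN = "clean", "malware", "unknown"


class FilePolicySim:
    """Simplified model (assumption) of a FirePower file policy decision.

    Order of precedence: Detection list > Clean list > cloud disposition cache.
    """

    # Assumed threshold: a dynamic-analysis threat score at/above it means malware.
    THREAT_SCORE_THRESHOLD = 75

    def __init__(self, clean_list=(), detection_list=()):
        self.clean_list = set(clean_list)          # SHA256 digests forced to clean
        self.detection_list = set(detection_list)  # SHA256 digests forced to malware
        self.cloud_cache = {}                      # digest -> disposition learned from cloud
        self.submitted = []                        # digests sent for dynamic analysis

    @staticmethod
    def sha256(data: bytes) -> str:
        """Files are tracked by their SHA256 digest, as on the page."""
        return hashlib.sha256(data).hexdigest()

    def disposition(self, digest: str) -> str:
        if digest in self.detection_list:
            return MALWARE
        if digest in self.clean_list:
            return CLEAN
        return self.cloud_cache.get(digest, UNKNOWN)

    def inspect(self, data: bytes):
        """Return ('allow'|'block', digest) for one file transfer."""
        digest = self.sha256(data)
        verdict = self.disposition(digest)
        if verdict == MALWARE:
            return "block", digest
        # Unknown disposition: the first copy is never blocked; a copy is
        # submitted for dynamic analysis and later transfers use the verdict.
        if verdict == UNKNOWN and digest not in self.submitted:
            self.submitted.append(digest)
        return "allow", digest

    def dynamic_analysis_result(self, digest: str, threat_score: int) -> str:
        """Record the cloud verdict (assumed score-to-disposition mapping)."""
        verdict = MALWARE if threat_score >= self.THREAT_SCORE_THRESHOLD else CLEAN
        self.cloud_cache[digest] = verdict
        return verdict
```

Running the same constructed sample through `inspect()` before and after `dynamic_analysis_result()` shows the first copy allowed and later copies blocked, while a Clean list entry keeps the file allowed even after a malware verdict.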