https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919255#M1038234 <P>Hello John</P> <P>If you have malware license using file policy under policies 》 access control 》 File Policy , you can block the .exe extension.Do you want block only for wireshark.exe or all other .exe extension files ?&nbsp;</P> <P>Rate if post helps you</P> <P>Regards</P> <P>Jetsy</P> Tue, 12 Jul 2016 05:34:43 GMT Jetsy Mathew 2016-07-12T05:34:43Z https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919254#M1038228 <P><SPAN style="font-size: 10pt; font-family: 'courier new', courier, monospace;">We would like to know how to block wireshark .exe in firesight.&nbsp;</SPAN></P> Tue, 12 Mar 2019 13:04:15 GMT https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919254#M1038228 John 2019-03-12T13:04:15Z https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919255#M1038234 <P>Hello John</P> <P>If you have malware license using file policy under policies 》 access control 》 File Policy , you can block the .exe extension.Do you want block only for wireshark.exe or all other .exe extension files ?&nbsp;</P> <P>Rate if post helps you</P> <P>Regards</P> <P>Jetsy</P> Tue, 12 Jul 2016 05:34:43 GMT https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919255#M1038234 Jetsy Mathew 2016-07-12T05:34:43Z https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919256#M1038237 <P><SPAN style="font-size: 10pt; font-family: 'courier new', courier, monospace;">Hello Jetsy,</SPAN></P> <P></P> <P><SPAN style="font-size: 10pt; font-family: 'courier new', courier, monospace;">We want to block all installer of sniffing tool, like wireshark.exe.</SPAN></P> Tue, 12 Jul 2016 06:55:18 GMT https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919256#M1038237 John 2016-07-12T06:55:18Z https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919257#M1038242 <P>Hello John,&nbsp;</P> <P></P> <P class="pB1_Body1">When the ASA FirePOWER module / Firepower devices detects an eligible file, the ASA FirePOWER module / Firepower devices then performs a<EM class="cEmphasis">malware cloud lookup</EM><A name="marker-2146255"></A>using the file’s SHA-256 hash value. Based on these results, the Cisco cloud returns a file disposition to the ASA FirePOWER module.</P> <P class="pB1_Body1"><A name="pgfId-2013121"></A>If a file has a disposition in the cloud that you know to be incorrect, you can add the file’s SHA-256 value to a file list:</P> <UL> <LI class="pBu1_Bullet1"><A name="pgfId-1965483"></A>To treat a file as if the cloud assigned a clean disposition, add the file to the <EM class="cEmphasis">clean list</EM><A name="marker-2014362"></A>.</LI> <LI class="pBu1_Bullet1"><A name="pgfId-1965614"></A><SPAN style="text-decoration: underline;"><STRONG>To treat a file as if the cloud assigned a malware disposition, add the file to the <EM class="cEmphasis">custom detection list.</EM></STRONG></SPAN><A name="marker-2014367"></A></LI> </UL> <P class="pB1_Body1"><A name="pgfId-1965684"></A>If the system detects a file’s SHA-256 value on a file list, it takes the appropriate action without performing a malware lookup or checking the file disposition.</P> <P class="pB1_Body1"><STRONG>In order to block wireshark and other similar tools, please browse to&nbsp;</STRONG></P> <P class="pB1_Body1"><STRONG>FMC &gt;&gt; Objects &gt;&gt; Objects Management &gt;&gt; File List &gt;&gt; Custom Detection List &nbsp;&gt;&gt; "Edit using the pencil icon" &gt;&gt; "Choose Calculate SHA in drop-down" &gt;&gt; Browse and Select file types for this list (For example, Wireshark EXEs, DMGs, etc)</STRONG></P> <P class="pB1_Body1"><STRONG></STRONG></P> <P class="pB1_Body1"><STRONG><IMG src="https://community.cisco.com/legacyfs/online/media/screen_shot_2016-07-12_at_9.35.35_am.png" class="migrated-markup-image" /></STRONG></P> <P class="pB1_Body1">Hope this helps.</P> <P class="pB1_Body1"></P> <P class="pB1_Body1">Regards,</P> <P class="pB1_Body1">Pujita</P> <P class="pB1_Body1"></P> <P class="pB1_Body1">Rate if this helps.</P> <P class="pB1_Body1"></P> Tue, 12 Jul 2016 16:39:02 GMT https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919257#M1038242 Pujita Patni 2016-07-12T16:39:02Z https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919258#M1038246 <P>You may need to list all types of sniffing tools files and create their malware detection signature, including wireshark, nmap, and other types and add them to the malware detection policy. &nbsp;Cisco TAC can assist or you can load your own. Happy tunning.</P> Fri, 15 Jul 2016 19:21:06 GMT https://community.cisco.com/t5/network-security/firesight-block-wireshark-exe/m-p/2919258#M1038246 Ed Padilla Jr 2016-07-15T19:21:06Z