topic Re: Firepower: Is it possible to allow the execution of a single file? in Network Security

Firepower: Is it possible to allow the execution of a single file?

swscco001 — Thu, 21 Oct 2021 14:23:10 GMT

Hello everybody,

our customer is running Firepower (FMC and FTD with rel 6.6.4).

It is easy to allow SMB access through a Firepower by an Access Control Rule.

But the customer has the request to allow only the execution of a certain exe-file
located on the mapped SMB share.

When I create a file policy I don't see a possibility to specify a file name (see attached
document). Just file types can be selected.

Before I try the impossible I want to ask: Is it possible to allow the execution of a single file
using Firepower?

If yes, do you have a document that explain how?

If not, how would you try to solve this task?

Thanks a lot for every hint!!!

Bye
R.

Re: Firepower: Is it possible to allow the execution of a single file?

Marvin Rhoads — Fri, 22 Oct 2021 03:41:51 GMT

What you are asking is really not the kind of thing that the Malware license ("AMP for Networks") on a Firepower device is meant to do. The sort of restriction you are asking about is better suited for a server-side security setup. One alternative would be to host the file (and only that file) on a web site / URL that's whitelisted/allowed in your access control policy.

Re: Firepower: Is it possible to allow the execution of a single file?

swscco001 — Fri, 22 Oct 2021 05:59:39 GMT

Dear Marvin,

thanks for your fast reply!

I will discuss this alternative with the customer.

Thanks a lot!