Intelligence Application Bypass

msanclimenti — Thu, 17 Oct 2019 19:11:13 GMT

My customer is receiving alerts for the PkgCatalog.z file. The customer is telling me it is a McAfee file. I cannot create a Clean List for this file since the hash is always changing. I am attempting to use IAB so I can trust the file and eliminate the file alerts. I have configured IAB with the only two Available Application choices, McAfee and McAfee AutoUpdate. I have the flow options low so the file can trigger at least one of the option for the FMC to evaluate the file and trust the file. So far, this has not worked.

I would like to know if anyone has used IAB with McAfee? If I am going in the wrong direction, any suggestions would be greatly appreciated. Thanks.

Re: Intelligence Application Bypass

hassan.mehsen — Thu, 17 Oct 2019 19:37:19 GMT

IAB is not used for such scenarios, usually IAB identifies applications that you trust to traverse your network without further inspection if performance and flow thresholds are exceeded. For example, if a nightly backup significantly impacts system performance, you can configure thresholds that, if exceeded, trust traffic generated by your backup application.

What i recommend you to do is to trust Mcafee as an application by using application filter with an access policy.

topic Intelligence Application Bypass in Network Security

Intelligence Application Bypass

Re: Intelligence Application Bypass