https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3674521#M32476 <P>Thanks&nbsp;<SPAN>Yogesh I already have SI enabled.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks,</SPAN></P> <P><SPAN>Dan</SPAN></P> Wed, 25 Jul 2018 16:11:52 GMT dan hale 2018-07-25T16:11:52Z https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3672614#M32473 <P>Hi All, I have a 2120&nbsp; running in FTD mode with the IPS and AMP licenses and an FMC all on version 6.2. I setup the IPS and AMP (file policy) based on the configuration guide.</P> <P>&nbsp;</P> <P>On my Access Control Policy I do have both the file policy and IDS checked to inspect when internal traffic goes out to the internet.</P> <P>&nbsp;</P> <P>There are some weird connection events that lead me to believe some internal hosts maybe compromised when I look in the connection events...some computers talking to other countries that should not.</P> <P>&nbsp;</P> <P>Besides setting up Geofencing to deny internal traffic to those countries is there a better report I can run besides looking at the connection events?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Dan.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 16:00:11 GMT https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3672614#M32473 dan hale 2020-02-21T16:00:11Z https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3673113#M32475 <P>Hi</P> <P>&nbsp;</P> <P>You can also enable security intelligence (both URL and IP) and make sure the default blacklist categories are blocked. That also does the trick sometime.</P> <P>&nbsp;</P> <P>Hope it helps,</P> <P>Yogesh</P> Tue, 24 Jul 2018 12:44:22 GMT https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3673113#M32475 yogdhanu 2018-07-24T12:44:22Z https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3674521#M32476 <P>Thanks&nbsp;<SPAN>Yogesh I already have SI enabled.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks,</SPAN></P> <P><SPAN>Dan</SPAN></P> Wed, 25 Jul 2018 16:11:52 GMT https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3674521#M32476 dan hale 2018-07-25T16:11:52Z https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3689317#M32477 If you have access to Cisco Live, checkout "A Deep Dive into using the Firepower Manager - BRKSEC-2058".<BR />Very helpful tips on how to manage Firepower.<BR /><BR />br, Mikael Wed, 15 Aug 2018 22:36:57 GMT https://community.cisco.com/t5/network-security/detecting-malware-and-suspicious-activity/m-p/3689317#M32477 mikael.lahtela 2018-08-15T22:36:57Z