ESA does not extract ACE Archives

wernermeyer
Level 1

Hello,

Last week we received a wave of emails with ACE archives. These archives contained a malicious EXE file.

Only the ACE files were scanned by AMP, but the archive was not extracted to scan the content. As far as I know, archives should be extracted for scanning. Why is this not working with ACE files?

ACE archives are listed as a compressed file type ESA can handle.

Furthermore, we have a content filter which removes attached files with executable endings (.exe, .bat, .scr, ...). This content filter also works even when the files are in an archive (zip, ...). But it's not working with ACE archives, why?

We run 2 C370 with the latest AsyncOS.

 

Regards,

Werner

 

3 Replies

Libin Varghese
Cisco Employee

Hi Werner,

 

Currently the content filtering on the ESA cannot scan within ACE compressed files; this is being tracked under the below feature request.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve02589/?reffering_site=dumpcr

If ACE compressed files are not a business requirement, you could update the filters to block files based on .ace filename.

 

Regards,

Libin Varghese
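
The filename-based blocking suggested above can be cross-checked offline on quarantined or exported messages. The following is an added example, not part of the original thread and not ESA filter syntax: a Python triage script that flags attachments by `.ace` extension and, going beyond the filename check, by the ACE signature `**ACE**` at byte offset 7, so archives with a different file name are also reported. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ACE_MAGIC = b"**ACE**"  # ACE archive signature
ACE_MAGIC_OFFSET = 7    # after CRC16 (2), header size (2), type (1), flags (2)


def ace_reason(filename, payload):
    """Return why a MIME part looks like an ACE archive, or None."""
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    if payload[ACE_MAGIC_OFFSET:end] == ACE_MAGIC:
        return "magic"
    if (filename or "").lower().endswith(".ace"):
        return "extension"
    return None


def find_ace_attachments(raw_message):
    """List (filename, reason) for every leaf MIME part that looks like ACE."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        reason = ace_reason(part.get_filename(), payload)
        if reason:
            hits.append((part.get_filename(), reason))
    return hits


def build_sample_message():
    """Constructed test message; attachments are dummy bytes, not real archives."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    header_only = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    for name, data in [("invoice.pdf", header_only),
                       ("order.ACE", b"dummy"),
                       ("notes.txt", b"plain text")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in find_ace_attachments(build_sample_message()):
        print(f"{name}: ACE detected by {reason}")
```
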

Hi Libin,

thank you for your quick reply.

What about AMP? Shouldn't the ACE archive be extracted for AMP scanning?

Kind regards,

Werner

ACE files are not uploaded for file analysis by AMP as per this:

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg50132/?reffering_site=dumpcr