03-28-2017 10:05 PM
Hi Guys,
I'm using Cisco ESA C370 "Version 8.5.6-106" with AMP license. Periodically I get reports from an authority to block hash values on my devices, including ESA and a few other appliances, but I can't find any feature on my ESA to block SHA256 or MD5 hashes manually on my ESA.
Looking for suggestions.
03-29-2017 05:46 AM
Hi,
I was able to locate the below feature request to allow matching MD5 hash values against attachments.
[ENH] - Check MD5 hash against file attachments
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus83198/?reffering_site=dumpcr
This feature is currently not available and is under review by the development teams.
Thank You!
Libin Varghese
03-29-2017 07:33 AM
There isn't one...yet. And there's no way to tie your ESA to your FireAMP account, where you can enter hashes for AMP to catch.
I'm hoping that they'll come up with a way for you to tie your ESA/WSA AMP clients to your FireAMP account, so you can actually track something from the moment it comes in....
12-17-2018 12:33 PM
12-21-2018 10:42 AM
Hello,
We've recently added AMP For Endpoints (AMP4E) integration in AsyncOS 11.1.1. This would allow you to whitelist or blacklist SHAs on AMP4E and have the appropriate action taken on the ESA. If you would like, you can review the release notes for added details: https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa11-1/ESA_11-1-1_Release_Notes.pdf
Thanks!
-Dennis M.