Hello,
I have question for AMP for Endpoint,
I am referring to documentation "File Types That are Scanned by FireAMP Connector"
http://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/118711-technote-fireamp-00.html
The Windows and Mac Connectors
Supported File Types Looked Up Against the Cloud
Device Trajectory and File Trajectory display these file types:
- MSEXE
- PDF
- MSCAB
- MSOLE2
- ZIP
- ELF
- MACHO
- MACHO_UNIBIN
- SWF
- JAVA
Unsupported File Type
- Mac connector is able to scan everything but SWF.
- Windows connector currently does not scan Elf, Java, xar(pkg), macho, or macho_unibin.
The Android Connector
- Android connector examines APK files.
May I know from the documentation:
1. Is it mean only those file type are supported to be scanned by FireAMP connector?
2. And I am referring to Firepower 6.0 config guide and found the following mention AMP for Endpoints support all file types:
http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html#ID-2193-00000329
Table 2 Network vs Endpoint-Based Advanced Malware Protection Strategies
|
Feature
|
AMP for Firepower
|
AMP for Endpoints
|
|
file type detection and blocking method (file control)
|
in network traffic, using access control and file policies
|
not supported
|
|
malware detection and blocking method
|
in network traffic, using access control and file policies
|
on individual endpoints, using a connector that communicates with the AMP cloud
|
|
network traffic inspected
|
traffic passing through a managed device
|
none; connectors installed on endpoints directly inspect files
|
|
malware detection robustness
|
limited file types
|
all file types
|
3. And I can't find what is file referring to MACHO and MACHO_UNBIN, could please help advise what are file type in those category?
Thanks again for the help.
Thanks
Regards,
Kelvin
