10-04-2016 01:44 AM - edited 02-20-2020 09:02 PM
Hello,
I have a question for AMP for Endpoint,
I am referring to documentation "File Types That are Scanned by FireAMP Connector"
The Windows and Mac Connectors
Supported File Types Looked Up Against the Cloud
Device Trajectory and File Trajectory display these file types:
Unsupported File Type
The Android Connector
May I know from the documentation:
1. Does it mean only those file types are supported to be scanned by the FireAMP connector?
2. I am also referring to the Firepower 6.0 config guide and found the following mention that AMP for Endpoints supports all file types:
3. And I can't find what files MACHO and MACHO_UNBIN refer to; could you please help advise what file types are in those categories?
Thanks again for the help.
Thanks
Regards,
Kelvin
10-05-2016 06:13 AM
Kelvin,
The file types you listed are the ones that are supported to show Device Trajectory and File Trajectory. The other file types are still scanned and checked against the cloud, they're just not going to show on the Device and File Trajectory.
For additional information on MACHO files, please refer to this article.
Thanks,
Matthew Franks
ENGINEER, CUSTOMER SUPPORT
FireAMP TAC
10-05-2016 06:28 PM
Hi Matthew,
Thanks for clearing my doubt and thanks for the link. Excellent.
Thanks
Regards,
Kelvin
10-17-2016 04:00 AM
Kelvin,
I'd like to clarify a bit on the "other file types are still scanned" portion of what I said as I was mistaken. All file types are reviewed and if the TETRA engine is enabled, then they are scanned by that engine, not necessarily checked against the cloud.
10-23-2016 05:32 AM
Hi Matthew,
Thanks for the update. So without the TETRA engine enabled, only the following are scanned and checked against the cloud?
Supported File Types Looked Up Against the Cloud
Device Trajectory and File Trajectory display these file types:
Unsupported File Type
• Mac connector is able to scan everything but SWF.
• Windows connector currently does not scan Elf, Java, xar(pkg), macho, or macho_unibin.
(As per the following document:
http://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/118711-technote-fireamp-00.html#anc2)
Thanks
Regards,
Kelvin