04-18-2017 05:55 AM - edited 02-20-2020 09:03 PM
One of our appliances (non-Cisco) detected the malware. We would like to know how we can block the malware on Sourcefire.
Please see the attached sample malware.
04-18-2017 06:46 AM
The basic answer would be: AMP detects malware based on signature details. The machine learning engine called Spero detects anomalies in the system, and finally Threat Grid serves as dynamic analysis, with the power of automatic sample submissions via API.
David
04-18-2017 07:18 AM
How do we determine if Sourcefire has already blocked the malware?
04-18-2017 07:23 AM
In the dashboard > Analysis > events > Threat detected
This is displayed as day/week/All.
To search for a particular malware, you need to know its SHA. Then you can use the filter under Analysis > Search.
David