11-23-2018 10:56 AM - edited 02-20-2020 09:07 PM
Hi everyone, I have a doubt about the action of dynamic analysis on the FMC. I have read and heard some folks who say that the files (for example a .exe) are never sent to the cloud, only a SHA256 hash, and from my understanding this is what the Spero engine does, but with dynamic analysis the documentation states that a file with a disposition of unknown is submitted to Threat Grid a.k.a. sandboxing for analysis. So my question/doubt is: if a user downloads a .exe file with unknown disposition, does the Firepower send the entire file for sandboxing or send a SHA256?
Hope you can understand my question and clarify these concepts for me.
Thanks and Best regards!
11-26-2018 03:51 AM
Hi
Dynamic analysis or sandboxing for an unknown file does require the full file to be submitted, which is done on FMC.
But for known files only a SHA query is done, and Threatgrid would reply back with a threat score and AMP cloud would let you know the disposition, like malicious, clean or unknown.
Hope it helps,
Yogesh
11-26-2018 06:52 AM
Thank you so much yogdhanu for clarifying my doubt!!
Best regards!!