Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
0
Helpful
1
Replies

Block malware only using Local Malware Analysis

vaibhav.parlekar1
Level 1
Level 1

‎11-27-2017 12:39 PM - edited ‎02-21-2020 06:50 AM

Hi,

As per the documentation FireAMP blocks malware based on known hash and Firepower and can hold the file for 30 secs to get the verdict. In case if the verdict is unknown by FireAMP then can we use the ClamAV engine which is part of local malware analysis to block the malware inline on the network. Or is the file already sent in the network post FireAMP lookup.

 

We are trying to reduce the no. of unknown files in the network and block them at the network level. I see the block malware option in the file-blocking policy with local malware analysis option. Just wanted to confirm before enabling the check.

 

Any help on the same is appreciated.

Vaibhav

Labels:
0 Helpful
1 Reply 1

vaibhav.parlekar1
Level 1
Level 1

‎11-29-2017 04:24 PM

has anyone tried blocking malware just with local malware analysis enabled in the file policy.

 

Vaibhav

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card