09-11-2018 10:48 PM - edited 02-21-2020 08:13 AM
Hello Experts -
I need to know that we are using cisco ASA 5512 with firepower defense center. We have URL and malware license. I want to block the hashes like given below. Can anyone of you help me out in configuring this. looking forward for your positive response in this regards.
c48f5f5bghd34939c9e6cc1eff86db882f3e57d8e |
Solved! Go to Solution.
09-26-2018 02:47 AM
You're welcome.
That's correct.
09-26-2018 10:09 PM
Marvin I am facing a problem in FMC security intelligence that when I add list in txt. format which has URL in it. list got uploaded and after that when I download the list from SI to check, The URL will not appear in that list which was added earlier also it is not blocking when I add that list in blacklist mode. I am Using FMC software version: 5.4.1.6. Kindly suggest.
09-27-2018 12:46 AM
I'm not sure what might be wrong with your file. I've tested blacklist based on uploading a text file and it worked fine for me.
I am using the most recent Firepower versions but did this test as far back as 6.1. Is there a reason why you are running a VERY old version of Firepower? If you contact TAC they will almost undoubtedly ask that you upgrade to a current release and try it again.
09-23-2019 07:43 AM
What does one do if the opposite needs to happen ? What if FirePower with AMP for files is blocking a file it shouldn't be ? We have the SHA256 hash that being blocked, its not malware, we know what the file is and what its behavior is. What needs to be done to, lay person's terms, " if Firepower detects a specific SHA256 file on the network, do nothing."
09-23-2019 09:06 PM - edited 09-23-2019 09:07 PM
AMP for Networks (i.e. on FMC or Firepower device) does not allow you to create policies based on a specific file's SHA-256. That requires AMP for endpoints where it is done on the AMP console.
The best you can do is open a ticket with TAC (or Talos - I find TAC more interactive and responsive) and request the incorrect SHA-256 be remedied in AMP cloud.
09-24-2019 06:21 AM
Thank you for your reply. Very helpful.
07-24-2024 10:30 AM
Once you create a Malware & File policy and choose BLOCK and push the config out to your FTD, it will automatically just block everything from the Custom-Detection-List?
08-25-2020 08:26 AM
Hi,
The license that i have just "protection license", Can we blocking hash?
and i'm already follow to add hash on object - file list - custom detection list
and then create file policy, i'm cannot show the list for hash file.
how to add it hash file on file policy?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide