
10-21-2021 07:21 AM - edited 10-21-2021 07:23 AM
Hello everybody,
our customer is running Firepower (FMC and FTD with rel 6.6.4).
It is easy to allow SMB access through a Firepower by an Access Control Rule.
But the customer has the request to allow only the execution of a certain exe-file
located on the mapped SMB share.
When I create a file policy I don't see a possibility to specify a file name (see attached
document). Just file types can be selected.
Before I try the impossible I want to ask: Is it possible to allow the execution of a single file
using Firepower?
If yes, do you have a document that explains how?
If not, how would you try to solve this task?
Thanks a lot for every hint!!!
Bye
R.
Accepted Solutions
10-21-2021 08:41 PM
What you are asking is really not the kind of thing that the Malware license ("AMP for Networks") on a Firepower device is meant to do. The sort of restriction you are asking about is better suited for a server-side security setup. One alternative would be to host the file (and only that file) on a web site / URL that's whitelisted/allowed in your access control policy.

10-21-2021 10:59 PM
Dear Marvin,
thanks for your fast reply!
I will discuss this alternative with the customer.
Thanks a lot!
