Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1175
Views
0
Helpful
2
Replies

Firepower: Is it possible to allow the execution of a single file?

Go to solution
swscco001
Level 1
Level 1

‎10-21-2021 07:21 AM - edited ‎10-21-2021 07:23 AM

Hello everybody,

our customer is running Firepower (FMC and FTD with rel 6.6.4).

It is easy to allow SMB access through a Firepower by an Access Control Rule.

But the customer has the request to allow only the execution of a certain exe-file
located on the mapped SMB share.

When I create a file policy I don't see a possibility to specify a file name (see attached
document). Just file types can be selected.

Before I try the impossible I want to ask: Is it possible to allow the execution of a single file
using Firepower?

If yes, do you have a document that explain how?

If not, how would you try to solve this task?

Thanks a lot for every hint!!!




Bye
R.

Preview file
214 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-21-2021 08:41 PM

What you are asking is really not the kind of thing that the Malware license ("AMP for Networks") on a Firepower device is meant to do. The sort of restriction you are asking about is better suited for a server-side security setup. One alternative would be to host the file (and only that file) on a web site / URL that's whitelisted/allowed in your access control policy.

View solution in original post

0 Helpful

Go to solution
swscco001
Level 1
Level 1

‎10-21-2021 10:59 PM

Dear Marvin,

 

thanks for your fast reply!

 

I will discuss this alternative with the customer.

 

Thanks a lot!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-21-2021 08:41 PM

What you are asking is really not the kind of thing that the Malware license ("AMP for Networks") on a Firepower device is meant to do. The sort of restriction you are asking about is better suited for a server-side security setup. One alternative would be to host the file (and only that file) on a web site / URL that's whitelisted/allowed in your access control policy.

0 Helpful

Go to solution
swscco001
Level 1
Level 1

‎10-21-2021 10:59 PM

Dear Marvin,

 

thanks for your fast reply!

 

I will discuss this alternative with the customer.

 

Thanks a lot!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card