10-21-2021 07:21 AM - edited 10-21-2021 07:23 AM
Hello everybody,
our customer is running Firepower (FMC and FTD with rel 6.6.4).
It is easy to allow SMB access through a Firepower by an Access Control Rule.
But the customer has the request to allow only the execution of a certain exe-file
located on the mapped SMB share.
When I create a file policy I don't see a possibility to specify a file name (see attached
document). Just file types can be selected.
Before I try the impossible I want to ask: Is it possible to allow the execution of a single file
using Firepower?
If yes, do you have a document that explains how?
If not, how would you try to solve this task?
Thanks a lot for every hint!!!
Bye
R.
10-21-2021 08:41 PM
What you are asking is really not the kind of thing that the Malware license ("AMP for Networks") on a Firepower device is meant to do. The sort of restriction you are asking about is better suited for a server-side security setup. One alternative would be to host the file (and only that file) on a web site / URL that's whitelisted/allowed in your access control policy.
10-21-2021 10:59 PM
Dear Marvin,
thanks for your fast reply!
I will discuss this alternative with the customer.
Thanks a lot!