FMC: How to whitelist a particular DNS request being dropped by “MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt”
Recently a particular DNS request is being dropped by the rule “MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt” and this is affecting our access to that external resource.
We looked over that event packet information, the dropped DNS request domain details are: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com: type A, class IN Name: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com Type: A (Host address) Class: IN (0x0001)
In this connection, we wanted to whitelist only this particular DNS request: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com by:
Adding an Access Control Policy: Access Control Policy#1 – URLs: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com; Action: Allow (Inspection: Intrusion Policy #1)
In the "Intrusion Policy": Intrusion Policy #1 - Drop when inline: No; Status: Used by 1 access control policy (used by Access Control Policy #1)
However, this DNS request is still being dropped despite the access control policy. Could anyone advise what went wrong.
Learn about the rapidly evolving cyberthreat landscape and how both organizations and users can protect themselves as we transition to a forever hybrid world through a conversation with Cisco Talos Security Research Leader for Europe, Middle East, Africa,...
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.
The future of work isn’t “changing” to a h...
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q...
Cisco Secure Endpoint
New packages fit for every organization
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit...