Recently a particular DNS request is being dropped by the rule “MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt” and this is affecting our access to that external resource.
We looked over that event's packet information; the dropped DNS request's domain details are:
XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com: type A, class IN
Name: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com
Type: A (Host address)
Class: IN (0x0001)
In this connection, we wanted to whitelist only this particular DNS request: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com by:
Adding an Access Control Policy:
Access Control Policy#1 – URLs: XXX- us-east-1-XXX-XXX-XXX.XXX.XXX.com; Action: Allow (Inspection: Intrusion Policy #1)
In the "Intrusion Policy":
Intrusion Policy #1 - Drop when inline: No; Status: Used by 1 access control policy (used by Access Control Policy #1)
However, this DNS request is still being dropped despite the access control policy. Could anyone advise what went wrong?
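For readers trying to understand why a rule named "dns request with long host name segment" fires on a name like the one above, the following added example (not part of the original post, and not Cisco's or Snort's own code) builds a DNS query in wire format, parses the question section back out, and reports the longest label. In the DNS wire format each dotted segment is a length-prefixed label, so an IDS only needs to read those length bytes to spot a long segment. The host names and the 40-byte threshold below are constructed for illustration; the actual threshold used by the Firepower rule is not stated on this page and is an assumption here.

```python
import struct

# Constructed sample names (not the redacted name from the post).
SHORT_NAME = "www.example.com"
LONG_NAME = "app-us-east-1-0123456789abcdef0123456789abcdef.example.com"

# Assumed threshold for "long segment"; the real rule's value is not on the page.
ASSUMED_LABEL_THRESHOLD = 40


def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels: <len><bytes>...<0>."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        data = label.encode("ascii")
        if not 1 <= len(data) <= 63:
            raise ValueError(f"label length {len(data)} outside 1..63: {label!r}")
        out.append(len(data))
        out += data
    out.append(0)  # root label terminates the name
    return bytes(out)


def build_query(name: str, qtype: int = 1, qclass: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal standard DNS query (QDCOUNT=1, RD bit set)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack(">HH", qtype, qclass)


def parse_question(packet: bytes):
    """Return (labels, qtype, qclass) from the first question of a DNS message."""
    offset = 12  # skip the fixed 12-byte header
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers are not valid in a query's QNAME.
            raise ValueError("unexpected compression pointer in question name")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    qtype, qclass = struct.unpack_from(">HH", packet, offset)
    return labels, qtype, qclass


def check_long_segment(packet: bytes, threshold: int = ASSUMED_LABEL_THRESHOLD) -> dict:
    """Mirror the detection idea: flag a query whose longest label exceeds threshold."""
    labels, qtype, qclass = parse_question(packet)
    longest = max(labels, key=len)
    return {
        "name": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
        "longest_label": longest,
        "longest_len": len(longest),
        "flagged": len(longest) > threshold,
    }


if __name__ == "__main__":
    for name in (SHORT_NAME, LONG_NAME):
        result = check_long_segment(build_query(name))
        verdict = "FLAGGED" if result["flagged"] else "ok"
        print(f"{result['name']}: longest label {result['longest_len']} bytes -> {verdict}")
```

The point for the troubleshooting above is that this check runs on the DNS packet's label lengths, independent of any URL matching: a name whose first segment is long will keep tripping the inspection rule until that rule itself is tuned (for example, suppressed or disabled for the affected traffic in the intrusion policy) rather than only allowed by an access control URL condition.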