FTD - File Control - Clean list is not working

Shervin SoAb · ‎12-13-2020

Dear all,

Background:

1. In Malware & File tab, I´ve created a New Policy and I´ve added MSEXE type in it and I choosed Block Files in Action.

2. I´ve added above New Policy in "Access Control", "Inspection" tab.

3. My Access Control worked properly and no one can download or upload EXE Files from SMB.

Problem :

I´d like just one specific EXE File to be downloaded or uploaded.

Eventhough I have calculated the HASH (SHA256) of this specific EXE File and added it to "Clear List", but still I can not upload or download it.

As far as I know, "Clear List" in only working for "AMP".

Please kindly help me to solve it.

Thanks in advance.

Marvin Rhoads · ‎12-14-2020

Help us out with some more details please - like what product version are you working with? When you try to upload or download how are you doing that? etc.

Shervin SoAb · ‎12-14-2020

Thanks for your reply.

I use virtual product (both FMC and FTD) and the version for both of them is 6.7.0

As I explained before, in my file control , I ´ve blocked the Msexe file types.

And as far as I know, clean list works with AMP and not with Controling File Transfer!!

When I deploy my Control File Transfer policy, none of the exe files could be downloaded or uploaded from SMB:

My problem is that , I want in my SMB , only one specify exe file (for example putty.exe) has permission to be downloaded or uploaded.

Please kinldly refer to following attached files.

Marvin Rhoads · ‎12-17-2020

I see. Yes - the file control policy in Firepower with Malware license (also known as AMP for Networks) is much more limited than what you get with AMP for Endpoints. I don't believe you can accomplish what you ask using only AMP for Networks.