FTD Local Malware Analysis verdict shared with FMC?

cpaquet
Level 1

When a managed device performs Local Malware Analysis on a file, it caches the verdict for x hours. Example: if a file is detected as Malware, the disposition is changed from Unknown to Malware and the verdict is cached for 1hr by default. If a file is detected as Clean, the disposition stays Unknown and the result is also cached for 1hr (according to User Guide v6.5: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/file_policies_and_advanced_malware_protection.html).

Question:

Would the FTD share, with its FMC, the Local Malware Analysis result? The User Guide doesn't mention whether the FMC would hear the verdict of an analysis performed locally on an FTD, and thus cache that information and have it in case other FTDs query about that file's SHA-256 (prior to performing the Local Malware Analysis themselves, if it has been turned on).

Thanks
