11-02-2019 04:08 AM - edited 02-21-2020 09:39 AM
Sorry: I posted this message in the wrong thread. I tried to move it to Firepower or to delete it but I can't. Sorry ISE people.
When a managed device performs Local Malware Analysis on a file, it caches the verdict for x hours. Example: if file is detected as Malware, disposition is changed from Unknown to Malware and the verdict is cached for 1hr by default. If file is detected as Clean, disposition stays Unknown and the result is cached also for 1hr (according to User Guide v6.5: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/file_policies_and_advanced_malware_protection.html)
Question:
Would the FTD share with the FMC the Local Malware Analysis result? The User Guide doesn't mention if the FMC would hear the verdict from an analysis performed locally on an FTD, thus caching that information and having it in case other FTDs query about the same hash.
Thanks
11-02-2019 04:17 AM
11-06-2019 08:17 PM
Thanks for letting us know. I see your new post at FTD Local Malware Analysis verdict shared with FMC?