cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1518
Views
0
Helpful
1
Replies

Intelligence Application Bypass

msanclimenti
Level 1
Level 1

My customer is receiving alerts for the PkgCatalog.z file. The customer is telling me it is a McAfee file. I cannot create a Clean List for this file since the hash is always changing. I am attempting to use IAB so I can trust the file and eliminate the file alerts. I have configured IAB with the only two Available Application choices, McAfee and McAfee AutoUpdate. I have the flow options low so the file can trigger at least one of the option for the FMC to evaluate the file and trust the file. So far, this has not worked.

I would like to know if anyone has used IAB with McAfee? If I am going in the wrong direction, any suggestions would be greatly appreciated. Thanks.

1 Reply 1

hassan.mehsen
Level 1
Level 1

IAB is not used for such scenarios, usually IAB identifies applications that you trust to traverse your network without further inspection if performance and flow thresholds are exceeded. For example, if a nightly backup significantly impacts system performance, you can configure thresholds that, if exceeded, trust traffic generated by your backup application.

 

What i recommend you to do is to trust  Mcafee as an application by using  application filter with an access policy.

 

 

Review Cisco Networking for a $25 gift card