03-14-2020 10:27 AM
To block a sha-256 on Cisco FMC are these the steps I need to take?
Or is simply doing step 1 sufficient? @Marvin Rhoads has a great explanation HERE but if I do have to move into step 2 I don't see a way to point back to the Custom-Detection-List in step 1. Thank you for your time -Alan
Solved! Go to Solution.
03-15-2020 05:18 AM
When you create (and assign via your Access Control Policy) a file rule with the action of "Block Malware" (as you have) or "Malware Cloud Lookup" and hit a matching file type, Firepower will automatically check for a match in the customer file list you've created.
Think of it kind of like Cisco's Security Intelligence feed for IP blacklist. As long as you're evaluating the traffic, it's automatically checked.
03-15-2020 05:18 AM
When you create (and assign via your Access Control Policy) a file rule with the action of "Block Malware" (as you have) or "Malware Cloud Lookup" and hit a matching file type, Firepower will automatically check for a match in the customer file list you've created.
Think of it kind of like Cisco's Security Intelligence feed for IP blacklist. As long as you're evaluating the traffic, it's automatically checked.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide