- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2020 10:27 AM
To block a sha-256 on Cisco FMC are these the steps I need to take?
- Add sha-256 to Objects >> File List >> Custom-Detection-List
- Add File List (somehow) to Policies >>Access Control >> Malware & File >> Malware Block
- Add Malware Block to Policies >> Access Control >> My production Access Control List
Or is simply doing step 1 sufficient? @Marvin Rhoads has a great explanation HERE but if I do have to move into step 2 I don't see a way to point back to the Custom-Detection-List in step 1. Thank you for your time -Alan
Step 1
Step 2
Step 2 (continued)
Step 3
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2020 05:18 AM
When you create (and assign via your Access Control Policy) a file rule with the action of "Block Malware" (as you have) or "Malware Cloud Lookup" and hit a matching file type, Firepower will automatically check for a match in the customer file list you've created.
Think of it kind of like Cisco's Security Intelligence feed for IP blacklist. As long as you're evaluating the traffic, it's automatically checked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2020 05:18 AM
When you create (and assign via your Access Control Policy) a file rule with the action of "Block Malware" (as you have) or "Malware Cloud Lookup" and hit a matching file type, Firepower will automatically check for a match in the customer file list you've created.
Think of it kind of like Cisco's Security Intelligence feed for IP blacklist. As long as you're evaluating the traffic, it's automatically checked.
