Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1139
Views
0
Helpful
2
Replies

Stop receiving Apache Malware Outside to Inside Events when inside server does not run Apache

evan.chadwick1
Level 1
Level 1

‎01-18-2018 02:19 PM - edited ‎02-21-2020 07:10 AM

Hi Folks, 

I have an internal server that does not run Apache, it can be reached from external via port 80/443.

I get a malware event alerts for dropped traffic from Outside to Inside for an inside server that does not have Apache installed. I thought that Firepower trimmed such alerts out for end hosts that do not have certain software installed?

To reduce such alerts for things that are not installed on a host, should I create host profiles for servers that only run a few things and strictly tell Firepower what I care about rather than rely upon what Firepower has determined itself?

 

Labels:
0 Helpful
2 Replies 2

mikael.lahtela
Level 4
Level 4

‎01-19-2018 10:39 AM

Hi,

Is this a File event, SI event or IPS event?
If IPS do you run the Firepower recommended settings in IPS in scheduled or manual updates?
Is the server host profile correct in FMC?

br, Micke
0 Helpful

evan.chadwick1
Level 1
Level 1
In response to mikael.lahtela

‎07-12-2019 03:36 AM

It was an IPS event. 

I manually set the OS to force it.

I run FP recommendations and refresh them weekly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card