Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2803
Views
0
Helpful
3
Replies

WSA block file by filehash

Go to solution
tamaszoltan
Level 1
Level 1

‎04-25-2018 04:01 AM - edited ‎03-08-2019 07:44 PM

Hello,

 

Is it possible to block download files by file hash somehow on the WSA?

 

Thanks!

Regards,

Zoltan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎04-25-2018 03:57 PM

Hi Zoltan,

 

I believe, WSA unable to block access/download based on file hash manually.

 

WSA does has File Analysis and File Reputation engine (AMP) and this is separate license, however this engine will only scans file downloads and give analysis and reputation of the file based on SHA value and at the moment can only perform scans for certain file types only such as Adobe, and Microsoft office files, Windows/DOS Executable. The only configuration can user perform for this scanning is to either monitor or block based on the scan verdict.

 

Regards

Handy Putra

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎04-25-2018 03:57 PM

Hi Zoltan,

 

I believe, WSA unable to block access/download based on file hash manually.

 

WSA does has File Analysis and File Reputation engine (AMP) and this is separate license, however this engine will only scans file downloads and give analysis and reputation of the file based on SHA value and at the moment can only perform scans for certain file types only such as Adobe, and Microsoft office files, Windows/DOS Executable. The only configuration can user perform for this scanning is to either monitor or block based on the scan verdict.

 

Regards

Handy Putra

0 Helpful

Go to solution
tamaszoltan
Level 1
Level 1
In response to Handy Putra

‎04-26-2018 05:08 AM

Hello Handy,

 

Thanks for your response.

 

Regards,

Zoltan

0 Helpful

Go to solution
Sapan Goel
Cisco Employee
Cisco Employee
In response to tamaszoltan

‎04-26-2018 11:17 PM

Hi Zoltan, In addition to what Handy mentioned, we are working on Integrating WSA with AMP Unity. This is targeted for WSA 11.5 release and is expected to be available for Limited Deployment (LD) in the month of May. Using AMP unity you can define File Hash that you want to block on WSA. This will work only if you have AMP on WSA license. Once the LD release is available, do reach out to TAC if you are interested in trying out this feature in Limited Deployment.

 

Thanks

Sapan

 

0 Helpful
Customers Also Viewed These Support Documents