Cisco Cisco Firepower Management Center 4000
Version 5.3
Sourcefire 3D System Release Notes
4
New and Updated Features and Functionality
detection list and clean list are included by default in every file policy, and you can
opt not to use either or both lists on a per-policy basis.
Spero Engine
L
ICENSE
: Malware
S
UPPORTED
D
EVICES
: Series 3, Virtual, X-Series
S
UPPORTED
D
EFENSE
C
ENTERS
: Any except DC500
The Spero engine feature provides another cloud-based method for detecting
suspicious and potentially new malware in executable files using big data. Spero
creates a signature of an executable file based on the structural information of
that file, the dynamic-link libraries (DLL) that are referenced, and the metadata
from the Portable Executable (PE) header. This feature print then runs through the
machine learned data trees for analysis and determines whether the file contains
malware. The Spero analysis result is considered jointly with the file disposition to
generate a final disposition for the executable file.
SMB File Detection
L
ICENSE
: Protection
S
UPPORTED
D
EVICES
: Feature dependent
S
UPPORTED
D
EFENSE
C
ENTERS
: Feature dependent
As of Version 5.3, you can now detect, inspect, and block files transferred in
NetBIOS-ssn traffic, including files transferred over Server Message Block (SMB).
AMP Cloud Connectivity
L
ICENSE
: Malware, URL Filtering
S
UPPORTED
D
EFENSE
C
ENTERS
: Any except DC500
Prior to Version 5.3, to connect to the Sourcefire cloud you had to use TCP Port
32137 and a direct connection from the Defense Center to the cloud.
Version 5.3 introduces proxy support for connecting to the Sourcefire cloud to do
Version 5.3 introduces proxy support for connecting to the Sourcefire cloud to do
malware detection and dynamic analysis. Previously, you had to use TCP port
32137, but now the default connection is made over TCP port 443 to allow more
organizations to connect and use Sourcefire’s advanced malware intelligence.
Use of port 32137 is still supported, but is no longer the default.
Note that if you are updating to Version 5.3 from a previous version of the
Note that if you are updating to Version 5.3 from a previous version of the
Sourcefire 3D System, use of legacy port 32137 is enabled by default. If you want
to connect via port 443 after updating, deselect the checkbox on the Cloud
Services page (System > Local > Configuration > Cloud Services).