Cisco Firepower Management Center 4000

Version 5.2.0.5
Sourcefire 3D System Release Notes
If Greenwich Mean Time (GMT, also known as UTC) is not your local 
timezone, scheduled geolocation database (GeoDB) updates may fail. If 
your local timezone is +X number of hours from GMT, schedule GeoDB 
updates for X:00 or later. If your local timezone is -X number of hours 
from GMT, schedule GeoDB updates for (24:00 - X) or earlier. For example, 
if your local timezone is UTC-5, schedule updates before 19:00 local 
time. (135756)
Features Introduced in Previous Versions
Functionality described in previous versions may be superseded by other new 
functionality or updated through resolved issues. 
5.2.x.x
No new features were introduced in Versions 5.2.0.1, 5.2.0.2, 5.2.0.3, or 5.2.0.4.
5.2
The following new features and functionality were introduced in Version 5.2:
Advanced Malware Protection 
Version 5.2 adds two new features to enhance the malware protection 
capabilities of the Sourcefire 3D System: malware blocking and network file 
trajectory. 
Malware Blocking
The Sourcefire 3D System network-based advanced malware detection 
capabilities added in Version 5.1.1 identify individual files as they enter your 
network, create a fingerprint of each file, check the fingerprint against the 
Sourcefire cloud to determine the disposition of the file, and alert you to files 
identified as malware. 
With the addition of malware blocking in Version 5.2, the Sourcefire 3D System 
now provides advanced malware protection (AMP). You can now configure file 
policies to block transfer of known malware files.
Based on the disposition of each detected file and the rules you set in your file 
policies, the Defense Center instructs a managed device either to block the file or 
to allow its upload or download. To improve performance, if the system already 
knows the disposition for a file based on its SHA-256 hash value, the Defense 
Center uses a cached disposition rather than querying the Sourcefire cloud. 
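The lookup flow described above, together with the whitelist override covered in the next paragraph, can be modelled as follows. This is an added illustration, not Sourcefire code: the class and function names, the disposition labels, the stub cloud, the whitelist-before-cache ordering, and the treatment of a whitelisted file as clean are all assumptions.

```python
import hashlib
import io

# Disposition labels are assumptions for this sketch, not product values.
MALWARE, CLEAN, UNKNOWN = "malware", "clean", "unknown"

def sha256_stream(stream, chunk_size=65536):
    """Fingerprint a file-like object without loading it fully into memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

class DispositionResolver:
    """Hypothetical model: whitelist override, then cache, then cloud lookup."""
    def __init__(self, cloud_lookup, whitelist=()):
        self.cloud_lookup = cloud_lookup   # callable: sha256 hex -> disposition
        self.whitelist = {h.lower() for h in whitelist}
        self.cache = {}                    # sha256 hex -> cached disposition
        self.cloud_queries = 0             # counts real cloud round trips

    def disposition(self, sha256_hex):
        key = sha256_hex.lower()
        if key in self.whitelist:          # local override wins over the cloud
            return CLEAN
        if key not in self.cache:          # query the cloud only on a cache miss
            self.cloud_queries += 1
            self.cache[key] = self.cloud_lookup(key)
        return self.cache[key]

    def action(self, stream, block_malware=True):
        # Returns (sha256, disposition, "block" or "allow") for one transfer.
        sha = sha256_stream(stream)
        disp = self.disposition(sha)
        verdict = "block" if block_malware and disp == MALWARE else "allow"
        return sha, disp, verdict

# Constructed sample data: byte strings standing in for transferred files.
BAD_FILE = b"constructed sample: flagged by the stub cloud"
GOOD_FILE = b"constructed sample: unknown to the stub cloud"
STUB_CLOUD = {hashlib.sha256(BAD_FILE).hexdigest(): MALWARE}

def demo():
    resolver = DispositionResolver(lambda h: STUB_CLOUD.get(h, UNKNOWN))
    first = resolver.action(io.BytesIO(BAD_FILE))    # cache miss, cloud queried
    second = resolver.action(io.BytesIO(BAD_FILE))   # served from the cache
    other = resolver.action(io.BytesIO(GOOD_FILE))   # second cloud query
    resolver.whitelist.add(first[0])                 # operator overrides verdict
    overridden = resolver.action(io.BytesIO(BAD_FILE))
    return first[2], second[2], other[2], overridden[2], resolver.cloud_queries
```

In this model a whitelist entry takes effect immediately even when a malware disposition is already cached, which is why the whitelist is checked before the cache.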
If necessary, you can override dispositions from the cloud on a file-by-file basis 
with the global malware whitelist. If a file has a disposition in the cloud that you 
know to be incorrect, you can add the file’s SHA-256 value to the whitelist. When