Cisco Cisco Firepower Management Center 2000
Version 5.3.0.2
Sourcefire 3D System Release Notes
38
Features Introduced in Previous Versions
Custom Detection
L
ICENSE
: Malware
S
UPPORTED
D
EVICES
: Series 3, Virtual, X-Series
S
UPPORTED
D
EFENSE
C
ENTERS
: Any except DC500
Custom file detection can be used to identify and block any files moving around
your network, even if Sourcefire has not identified the file as malicious. You do
not need a cloud connection to perform these lookups, so custom file detection is
ideal for use with any type of private intelligence data you have.
If you have identified a malicious file, you can automatically block it by adding its
If you have identified a malicious file, you can automatically block it by adding its
unique SHA-256 value to the custom file detection list. You can use the custom
detection list in combination with the clean list, which lets you mark specific files
as clean.
Together, the custom file detection list and clean list help you customize your
Together, the custom file detection list and clean list help you customize your
malware protection approach to your specific environment. The custom file
detection list and clean list are included by default in every file policy, and you can
opt not to use either or both lists on a per-policy basis.
Spero Engine
L
ICENSE
: Malware
S
UPPORTED
D
EVICES
: Series 3, Virtual, X-Series
S
UPPORTED
D
EFENSE
C
ENTERS
: Any except DC500
The Spero engine feature provided another cloud-based method for detecting
suspicious and potentially new malware in executable files using big data. Spero
creates a signature of an executable file based on the structural information of
that file, the dynamic-link libraries (DLL) that are referenced, and the metadata
from the Portable Executable (PE) header. This feature print then runs through the
machine learned data trees for analysis and determines whether the file contains
malware. The Spero analysis result is considered jointly with the file disposition to
generate a final disposition for the executable file.
generate a final disposition for the executable file.
SMB File Detection
L
ICENSE
: Protection
S
UPPORTED
D
EVICES
: Feature dependent
S
UPPORTED
D
EFENSE
C
ENTERS
: Feature dependent
As of Version 5.3, you can now detect, inspect, and block files transferred in
NetBIOS-ssn traffic, including files transferred over Server Message Block (SMB).