Cisco Cisco Firepower Management Center 2000

The Edit Shared Profiles page appears. The fields on the page are pre-populated based on the information 
in the host profile you accessed.

Modify and save the shared host profile according to your specific needs.

For more information on creating shared host profiles for compliance white lists, see 

FireSIGHT and Malware

The Most Recent Malware Detections section lists the most recent malware events where the host sent 
or received a malware file, up to 100 events. The host profile lists both network-based and 
endpoint-based malware events.

If the host is involved in a file event where the file is then retrospectively identified as malware, the 
original events where the file was transmitted appear in the malware detections list after the malware 
identification occurs. When a file identified as malware is retrospectively determined not to be malware, 
the malware events related to that file no longer appear in the list. For example, if a file has a disposition 
of 

Malware

 and that disposition changes to 

Clean

, the event for that file is removed from the malware 

detections list on the host profile. For more information on malware events, see 

Description of the columns in the Most Recent Malware Detections sections of the host profile follow.

The date and time the event was generated. 

For an event where the file was retrospectively identified as malware, note that this is the time of the 
original event, not the time when the malware was identified.

The host’s role in the transmission of detected malware, either sender or receiver. Note that for 
endpoint-based malware events, the host is always the receiver.

The name of the detected malware.

The name of the malware file.

The type of file; for example, 

PDF

 or 

MSEXE

.

When viewing malware detections in the host profile, you can view malware events for that host in the 
event viewer. To view events, click the malware icon (

).

FireSIGHT