Cisco Cisco Firepower Management Center 4000

Malware

Series 3, Virtual, X-Series, ASA FirePOWER

Any except DC500

You can submit a file’s SHA-256 value to add it to a file list. You cannot add duplicate SHA-256 values.

Right-click a file or malware event from the event view and select 

 in the context menu to 

view and copy the full SHA-256 value for the file.

Admin/Network Admin

On the object manager’s File List page, click the edit icon (

) next to the clean list or custom detection 

list where you want to add a file.

The File List pop-up window appears.

Select 

Enter SHA Value 

from the 

 field.

The pop-up window updates to include new fields.

Enter a description of the source file in the 

 field. 

Type or paste the file’s entire 

 value. The system does not support matching partial values.

Click 

 to add the file.

The file is added to the file list. 

Click 

. 

Reapply all access control policies with file policies that use the file list.

After the policies apply, the system no longer performs malware cloud lookups on files in the file list.

Malware

Series 3, Virtual, X-Series, ASA FirePOWER

Any except DC500

You can edit or delete individual SHA-256 values on a file list. Note that you cannot directly edit a source 
file within the object manager. To make changes, you must first modify your source file directly, delete 
the copy on the system, then upload the modified source file. See 

 for more information. To edit a file on a file list:

Admin/Network Admin

On the object manager’s File List page, click the edit icon (

) next to the clean list or custom detection 

list where you want to modify a file.