Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Understanding and Creating File Policies
You can inspect the following types of incoming traffic for downloaded files:
• HTTP
• IMAP
• POP3
• FTP
• NetBIOS-ssn (SMB)
You can inspect the following types of outgoing traffic for uploaded files:
• HTTP
• FTP
• SMTP
• NetBIOS-ssn (SMB)
Use Any to detect files over multiple application protocols, regardless of whether users are sending or receiving.
Step 6 Select a file rule Action. See the table for more information.
When you select either Block Files or Block Malware, Reset Connection is enabled by default. To not reset the connection where a blocked file transfer occurs, clear the option.
Note: Cisco recommends that you leave Reset Connection enabled to prevent blocked application sessions from remaining open until the TCP connection resets.
For detailed information on file rule actions, see
Note that because you cannot use a Malware license with a DC500, you cannot create file rules that use
the Block Malware or Malware Cloud Lookup action or use that appliance to apply file policies that
contain rules with those actions. Similarly, because you cannot enable a Malware license on a Series 2
device, you cannot apply a file policy containing rules with those actions to those appliances.
Step 7 Select one or more File Types. Use the Shift and Ctrl keys to select multiple file types. You can filter the list of file types in the following ways:
• Select one or more File Type Categories.
• Search for a file type by its name or description. For example, type Windows in the Search name and description field to display a list of Microsoft Windows-specific files.
Tip: Hover your pointer over a file type to view its description.
The file types that you can use in a file rule vary depending on your selections for Application Protocol, Direction of Transfer, and Action.
For example, selecting Download as the Direction of Transfer removes GIF, PNG, JPEG, TIFF, and ICO from the Graphics category to prevent an excess of file events.
Step 8 Add the selected file types to the Selected Files Categories and Types list:
• Click Add to add selected file types to the rule.
• Drag and drop one or more file types into the Selected Files Categories and Types list.
• With a category selected, click All types in selected Categories, then either click Add or drag and drop that selection to the Selected Files Categories and Types list.