Cisco Cisco FirePOWER Appliance 7020 Notas de publicación
Version 5.3.0.3
Sourcefire 3D System Release Notes
41
Features Introduced in Previous Versions
detection list in combination with the clean list, which lets you mark specific files
as clean.
Together, the custom file detection list and clean list help you customize your
Together, the custom file detection list and clean list help you customize your
malware protection approach to your specific environment. The custom file
detection list and clean list are included by default in every file policy, and you can
opt not to use either or both lists on a per-policy basis.
Spero Engine
L
ICENSE
: Malware
S
UPPORTED
D
EVICES
: Series 3, Virtual, X-Series
S
UPPORTED
D
EFENSE
C
ENTERS
: Any except DC500
The Spero engine feature provided another cloud-based method for detecting
suspicious and potentially new malware in executable files using big data. Spero
creates a signature of an executable file based on the structural information of
that file, the dynamic-link libraries (DLL) that are referenced, and the metadata
from the Portable Executable (PE) header. This feature print then runs through the
machine learned data trees for analysis and determines whether the file contains
malware. The Spero analysis result is considered jointly with the file disposition to
generate a final disposition for the executable file.
SMB File Detection
L
ICENSE
: Protection
S
UPPORTED
D
EVICES
: Feature dependent
S
UPPORTED
D
EFENSE
C
ENTERS
: Feature dependent
As of Version 5.3, you can now detect, inspect, and block files transferred in
NetBIOS-ssn traffic, including files transferred over Server Message Block (SMB).
AMP Cloud Connectivity
L
ICENSE
: Malware, URL Filtering
S
UPPORTED
D
EFENSE
C
ENTERS
: Any except DC500
Prior to Version 5.3, to connect to the Sourcefire cloud you had to use TCP Port
32137 and a direct connection from the Defense Center to the cloud.
Version 5.3 introduced proxy support for connecting to the Sourcefire cloud to do
Version 5.3 introduced proxy support for connecting to the Sourcefire cloud to do
malware detection and dynamic analysis. Previously, you had to use TCP port
32137, but now the default connection is made over TCP port 443 to allow more
organizations to connect and use Sourcefire’s advanced malware intelligence.
Use of port 32137 is still supported, but is no longer the default.
Note that if you are updating to Version 5.3 from a previous version of the
Note that if you are updating to Version 5.3 from a previous version of the
Sourcefire 3D System, use of legacy port 32137 is enabled by default. If you want
to connect via port 443 after updating, deselect the checkbox on the Cloud
Services page (System > Local > Configuration > Cloud Services).