Cisco FirePOWER Appliance 7010
33-7
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Understanding Malware Protection and File Control
When a file is positively identified as malware, the cloud sends the threat identification to the Defense
Center. The cloud can also send other kinds of information to the Defense Center, including data on
scans, quarantines, blocked executions, and cloud recalls. The Defense Center logs this information as
malware events.
• configure custom malware detection policies and profiles for your entire organization, as well as perform flash and full scans on all your users’ files
• perform malware analysis, including viewing heat maps, detailed file information, network file trajectory, and threat root causes
• configure multiple aspects of outbreak control, including automatic quarantines, application blocking to stop non-quarantined executables from running, and exclusion lists
• create custom protections, block execution of certain applications based on group policy, and create custom whitelists
For more information, see the following sections:
• Network-Based AMP vs Endpoint-Based FireAMP compares the malware protection strategies available in the Cisco family of products.
• explains how to establish communications between the Defense Center and the Cisco cloud.
Tip
For detailed information on FireAMP, refer to the online help on the FireAMP portal.
Network-Based AMP vs Endpoint-Based FireAMP
License: Malware or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
The following diagram shows how you can use the Defense Center to work with data from both a
network-based advanced malware protection strategy and an endpoint-based FireAMP strategy.