Cisco FirePOWER Appliance 7110
FireSIGHT System User Guide
Chapter 13 Using Access Control Policies
Configuring Policies
Table 13-6 Advanced Access Control File and Malware Detection Options

| Field | Description | Default Value | Range | Notes |
|---|---|---|---|---|
| Limit the number of bytes inspected when doing file type detection | Specify the number of bytes inspected when performing file type detection. | 1460 bytes, or the maximum segment size of a TCP packet | 0 - 4294967295 (4GB) | Set this equal to 0 to remove the restriction altogether. In most cases, the system can identify common file types using the first packet. |
| Do not calculate SHA-256 hash values for files larger than (in bytes) | Prevent the system from storing files larger than a certain size, performing a Collective Security Intelligence Cloud lookup on the files, or blocking the files if added to the custom detection list. | 10485760 (10MB) | 0 - 4294967295 (4GB) | Set this equal to 0 to remove the restriction altogether. This value must be greater than or equal to Maximum file size to store (bytes) and Maximum file size for dynamic analysis testing (bytes). |
| Allow file if cloud lookup for Block Malware takes longer than (seconds) | Specify how long the system will hold the last byte of a file that matches a Block Malware rule and that does not have a cached disposition, while malware cloud lookup occurs. If the time elapses without the system obtaining a disposition, the file passes. | 2 seconds | 0 - 30 seconds | Dispositions of Unavailable are not cached. Although this option accepts values of up to 30 seconds, Cisco recommends that you use the default value to avoid blocking traffic because of connection failures. Do not set a value of 0 for this option without first contacting Support. |
| Minimum file size to store (bytes) | Specify the minimum file size the system can store using a file rule. | 6144 (6KB) | 0 - 10485760 (10MB) | Set this equal to 0 to disable file storage. This field must be less than or equal to Maximum file size to store (bytes) and Do not calculate SHA-256 hash values for files larger than (in bytes). |
| Maximum file size to store (bytes) | Specify the maximum file size the system can store using a file rule. | 1048576 (1MB) | 0 - 10485760 (10MB) | Set this equal to 0 to disable file storage. This field must be greater than or equal to Minimum file size to store (bytes), and less than or equal to Do not calculate SHA-256 hash values for files larger than (in bytes). |
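The range and ordering rules in the Range and Notes columns can be checked before a change is applied. The following Python check is an added example, not Cisco code; the setting key names and the dynamic_analysis_max parameter are hypothetical labels for the table's fields, and letting a value of 0 skip the ordering checks is an assumption.

```python
GB4, MB10 = 4294967295, 10485760

# hypothetical key: (default, low, high), from the Default Value and Range columns
FIELDS = {
    "file_type_inspect_bytes": (1460, 0, GB4),
    "sha256_max_bytes": (MB10, 0, GB4),
    "cloud_lookup_timeout_s": (2, 0, 30),
    "store_min_bytes": (6144, 0, MB10),
    "store_max_bytes": (1048576, 0, MB10),
}


def check(settings, dynamic_analysis_max=None):
    """Return a list of findings for a proposed group of settings."""
    cfg = {k: settings.get(k, spec[0]) for k, spec in FIELDS.items()}
    findings = []
    for key, (_, low, high) in FIELDS.items():
        value = cfg[key]
        if type(value) is not int or not low <= value <= high:
            findings.append(f"{key}: {value!r} is outside {low}-{high}")
    if findings:
        return findings  # ordering checks need valid integers

    sha, smin, smax = (cfg[k] for k in
                       ("sha256_max_bytes", "store_min_bytes", "store_max_bytes"))

    # Assumption: 0 means "no limit" (hash field) or "storage disabled"
    # (store fields), so a 0 on either side skips the ordering check.
    def ordered(small, large):
        return small == 0 or large == 0 or small <= large

    if not ordered(smin, smax):
        findings.append("store_min_bytes exceeds store_max_bytes")
    if not ordered(smax, sha):
        findings.append("store_max_bytes exceeds sha256_max_bytes")
    if not ordered(smin, sha):
        findings.append("store_min_bytes exceeds sha256_max_bytes")
    if dynamic_analysis_max is not None and not ordered(dynamic_analysis_max, sha):
        findings.append("dynamic analysis maximum exceeds sha256_max_bytes")

    timeout = cfg["cloud_lookup_timeout_s"]
    if timeout == 0:
        findings.append("cloud_lookup_timeout_s: 0 requires contacting Support first")
    elif timeout != 2:
        findings.append("cloud_lookup_timeout_s: differs from recommended default 2")
    return findings
```

Settings omitted from the input fall back to the table's default values, so check({}) evaluates the defaults themselves.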