Cisco Cisco Firepower Management Center 2000
27
FireSIGHT System Release Notes
Version 5.3.1.6
Known Issues
•
In some cases, if your Defense Center has a file list with
SHA-256
file entries and you add a Defense
Center in high availability configuration, the secondary Defense Center in the high availability
configuration deletes the existing file list data. (CSCur57708)
configuration deletes the existing file list data. (CSCur57708)
•
In some cases, if you create a new report template with a static time window, the system may not
correctly save the time. (CSCur61984)
correctly save the time. (CSCur61984)
•
You cannot import system-provided Security Intelligence objects to a device that already has
system-provided Security Intelligence objects. (CSCur78753)
system-provided Security Intelligence objects. (CSCur78753)
•
Resolved an issue where latency may occur on devices with nonpassive interfaces during Snort
restart. (CSCus13247)
restart. (CSCus13247)
•
The system does not support resetting the password for the admin user on an ASA5585-X device.
(CSCus17991)
(CSCus17991)
•
If you select Enable Remote Storage of Reports from the Reports page (Overview > Reporting
> Reports) with the Server Message Block (SMB) protocol enabled, the
> Reports) with the Server Message Block (SMB) protocol enabled, the
$User, Host Report:
$Host
,
Attack Report: $Attack SID
, and
Sourcefire FireSIGHT Report: $Customer Name
templates fail to generate reports due to unsupported characters in the report names. (CSCus21871)
•
In some cases, if you create a file policy containing a Web Application category and a Block
Malware rule, the system will not block files identified as malware if the Block Malware rule is
positioned after the Web Application category. As a workaround, position the Block Malware rule
before the Web Application category. (CSCus64526)
Malware rule, the system will not block files identified as malware if the Block Malware rule is
positioned after the Web Application category. As a workaround, position the Block Malware rule
before the Web Application category. (CSCus64526)
•
In some cases, if you place an access control rule referencing a file policy after an access control
rule with a web application, the traffic matching the file policy is not identified. As a workaround,
position the rule containing the file policy before the rule with the web application.
(CSCus64393,CSCus64526)
rule with a web application, the traffic matching the file policy is not identified. As a workaround,
position the rule containing the file policy before the rule with the web application.
(CSCus64393,CSCus64526)
•
In some cases, if you store details in the Clipboard page and create an incident and
Add all to incident
,
generate a report from the new incident, then attempt to create a new incident, you are able to add
previous clipboard contents to the new incident even though the
previous clipboard contents to the new incident even though the
Events in your clipboard
section of the
Incidents page (
Analysis
>
Intrusion
>
Incidents
) is empty. (CSCus67128)
•
In some cases, If your system includes an SSL Visibility Appliance (SSLVA) device and you create
a file policy containing a Web Application category and a Block Malware rule, your first attempt to
download a file over HTTPS may fail. As a workaround, disable the file policy. (CSCus72505)
a file policy containing a Web Application category and a Block Malware rule, your first attempt to
download a file over HTTPS may fail. As a workaround, disable the file policy. (CSCus72505)
•
In some cases, if you create an access control policy with a rule set to block an object group
containing URLs, the system does not block traffic related to the contained URL objects. As a
workaround, include the URL(s) to be blocked as individual URL object(s) in the access control rule
instead of the object group. (CSCus77551)
containing URLs, the system does not block traffic related to the contained URL objects. As a
workaround, include the URL(s) to be blocked as individual URL object(s) in the access control rule
instead of the object group. (CSCus77551)
•
In some cases, if you apply an access control policy to multiple managed devices, the system
incorrectly displays the policy status as
incorrectly displays the policy status as
pending
when the policy was successfully applied. As a
workaround, edit and save the policy, then reapply. (CSCus86011)
•
In some cases, if you create an user role, the system may not enable some checkboxes but the options
available under the disabled checkboxes are enabled. (CSCus87248)
available under the disabled checkboxes are enabled. (CSCus87248)
•
If you remove the LSI RegEx card from the top blade of an ASA5585 device, you cannot install the
ASA FirePOWER module. (CSCus89754)
ASA FirePOWER module. (CSCus89754)
•
In some cases, if the Defense Center experiences a large amount of data, restoring a backup may
fail. (CSCus91552)
fail. (CSCus91552)
•
In some cases, if your system experiences a network disruption during a policy apply, and you later
attempt to deactivate an unused detector on the Application Detector page (Policies > Application
Detectors), the system generates a
attempt to deactivate an unused detector on the Application Detector page (Policies > Application
Detectors), the system generates a
Failed to deactivate 1 detectors because they are
detecting applications used by applied Access Control policies
error. (CSCus91892)