Doing Some Tests With: Cisco Asa Firepower/amp, Immunet, Malware Bytes, Avast And Online Tool Such As Virustotal.com

#1 dalma

    Newbie

  • Members
  • 1 posts

Posted 02 April 2016 - 11:21 AM

Hi all,

I'm running a few apps on my laptop:

- Avast antivirus
- Malwarebytes
- Immunet

As a hardware firewall I'm running an ASA5506X platform with Firepower services. It's on the latest software version, Firepower Threat Defense (FTD) version 6.0.1. I configured it through the Firepower Management Center, also running on my laptop in a VM.

I've turned on every option on my ASA firewall, running full-blown AMP (Anti Malware Protection, cloud malware lookup, Spero analysis, etc.) and lowered the threat score (possibly resulting in more false positives) just to make sure I don't miss any files.

Now, I searched a few websites sharing pieces of malware for testing purposes and I ended up with mixed results. I find it weird and perhaps a bit disappointing that the ASA isn't blocking these files from entering the network.

One solution detects it, the other one doesn't. To give you an example (and of course do not execute these files):

XXXXXXXXXXXXXXXXXXX

I've downloaded this exe file, 3.exe, and this is the result of testing:

Malwarebytes: malware found, trojan dropper
Avast: no threat found
Immunet: no threat found
Cisco ASA with FTD 6.0.1: no threat found (current disposition unknown, malware cloud lookup).

When I check the same file on virustotal.com I do get some hits. See the full list: https://www.virustot...902e6/analysis/

Another example is the following file:

XXXXXXXXXXXXXXXXXX

Results:

Malwarebytes: malware found, trojan dropper
Avast: threat detected
Immunet: malware found, W32.Generic:Gen.19e2.1201
Cisco ASA with FTD 6.0.1: no threat found, current disposition is unknown (after malware cloud lookup)

File results from virustotal.com: https://virustotal.c...8ecf4/analysis/


Edited by ritchie58, 03 April 2016 - 04:38 AM.
Deleted malware sample links.

#2 ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • Location: Oil City, Pa. U.S.A.

Posted 07 April 2016 - 06:46 AM

After your experimentation, let us know what your findings concluded. I'd personally be interested anyway. Feel free to PM me with the data if you wish.

Best wishes, Ritchie...


* Immunet Global Forum Moderator *
