dalma

Doing some tests with: Cisco ASA Firepower/AMP, Immunet, Malwarebytes, Avast and online tools such as virustotal.com

Hi all,

I'm running a few apps on my laptop:

- Avast antivirus
- Malwarebytes
- Immunet

As a hardware firewall I'm running an ASA5506X platform with Firepower services. It's on the latest software version, Firepower Threat Defense (FTD) version 6.0.1. I configured it through the Firepower Management Center, also running on my laptop in a VM.

I've turned on every option on my ASA firewall, running full-blown AMP (Advanced Malware Protection: cloud malware lookup, Spero analysis, etc.) and lowered the threat score (possibly resulting in more false positives) just to make sure I don't miss any files.

Now, I searched a few websites sharing pieces of malware for testing purposes and ended up with mixed results. I find it weird and perhaps a bit disappointing that the ASA isn't blocking these files from entering the network.

One solution detects it, the other one doesn't. To give you an example (and of course do not execute these files):

XXXXXXXXXXXXXXXXXXX

I've downloaded this exe file, 3.exe, and this is the result of testing:

- Malwarebytes: malware found, trojan dropper
- Avast: no threat found
- Immunet: no threat found
- Cisco ASA with FTD 6.0.1: no threat found (current disposition unknown, malware cloud lookup)

When I check the same file on virustotal.com I do get some hits. See the full list: https://www.virustotal.com/nl/file/de98d1d714c78037d841feddf0591cf120e49b76087478650b4bfc34dd6902e6/analysis/

Another example is the following file:

XXXXXXXXXXXXXXXXXX

Results:

- Malwarebytes: malware found, trojan dropper
- Avast: threat detected
- Immunet: malware found, W32.Generic:Gen.19e2.1201
- Cisco ASA with FTD 6.0.1: no threat found, current disposition is unknown (after malware cloud lookup)

File results from virustotal.com: https://virustotal.com/en/file/9e021c214d6387d0152677224a35c31e186b0960a1cb89fbb5312b7323c8ecf4/analysis/

Edited by ritchie58
Deleted malware sample links.
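As an added example (it is not code from the original post, and not from Cisco, Immunet, Malwarebytes or Avast), the Python script below shows the defender-side workflow the post's comparison implies: hash each sample without executing it, build the VirusTotal report URL from the SHA-256 so the lookup needs no upload, and tally the per-engine verdicts while keeping the ASA's "disposition unknown" separate from a clean verdict, because a cloud lookup that has never seen a hash is not the same as a scan that found nothing. It uses only the standard library. The verdict vocabulary, the consensus rule, the temporary files and the function names are assumptions chosen for the example; the per-engine results are transcribed from the post.

```python
"""Hash-based lookup and per-engine tally for an AV comparison test.

Added example; not code from the original post or from any of the
products named there. Standard library only.
"""
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

# Verdict vocabulary (assumption, chosen for this example):
#   "malware" - the engine flagged the file
#   "clean"   - the engine scanned it and reported no threat
#   "unknown" - the engine returned no disposition (e.g. the AMP cloud
#               lookup had never seen the hash); this is NOT "clean"
MALWARE, CLEAN, UNKNOWN = "malware", "clean", "unknown"


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so a large sample is never
    loaded whole. The sample is only read, never executed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def virustotal_report_url(sha256_hex: str) -> str:
    """Report URL in the form the post links to. Looking up by hash needs
    no upload, so the sample itself never leaves the machine."""
    return f"https://www.virustotal.com/en/file/{sha256_hex}/analysis/"


def summarize(verdicts: dict) -> dict:
    """Tally the per-engine verdicts for one sample."""
    counts = Counter(verdicts.values())
    flagged = sorted(e for e, v in verdicts.items() if v == MALWARE)
    return {
        "engines": len(verdicts),
        "detections": counts[MALWARE],
        "clean": counts[CLEAN],
        "undetermined": counts[UNKNOWN],
        "flagged_by": flagged,
    }


def consensus(verdicts: dict) -> str:
    """'detected' if every engine that gave a disposition flagged the file,
    'partial' if the dispositions disagree, 'undetected' if nobody flagged
    it. Engines with no disposition are left out of the denominator."""
    decided = [v for v in verdicts.values() if v != UNKNOWN]
    hits = decided.count(MALWARE)
    if not decided or hits == 0:
        return "undetected"
    return "detected" if hits == len(decided) else "partial"


# Verdicts as reported in the post, transcribed into the vocabulary above.
POST_RESULTS = {
    "3.exe": {
        "Malwarebytes": MALWARE,
        "Avast": CLEAN,
        "Immunet": CLEAN,
        "Cisco FTD 6.0.1 AMP": UNKNOWN,
    },
    "second sample": {
        "Malwarebytes": MALWARE,
        "Avast": MALWARE,
        "Immunet": MALWARE,
        "Cisco FTD 6.0.1 AMP": UNKNOWN,
    },
}


def hash_demo() -> tuple:
    """Write two constructed, harmless files that differ by a single byte
    and hash both: a hash-keyed reputation lookup sees them as unrelated,
    which is how a repacked sample comes back with no disposition."""
    base = b"constructed test payload, not malware" * 100
    with tempfile.TemporaryDirectory() as d:
        a = Path(d) / "sample_a.bin"
        b = Path(d) / "sample_b.bin"
        a.write_bytes(base)
        b.write_bytes(base + b"!")
        return sha256_of_file(a), sha256_of_file(b)


if __name__ == "__main__":
    for name, verdicts in POST_RESULTS.items():
        print(name, consensus(verdicts), summarize(verdicts))
    h1, h2 = hash_demo()
    print("hashes differ:", h1 != h2)
    print(virustotal_report_url(h1))
```

Run it as-is to see that the first sample comes out "partial" with one detection and one undetermined engine, while the second is "detected" by every engine that returned a disposition. Feeding `sha256_of_file` a real downloaded sample gives the hash to paste into the report URL, which reproduces the post's VirusTotal links without ever opening the file.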

After your experimentation, let us know what your findings concluded. I'd personally be interested anyway. Feel free to PM me with the data if you wish.

Best wishes, Ritchie...
