dalma Posted April 2, 2016

Hi all,

I'm running a few apps on my laptop:

- avast antivirus
- malware bytes
- immunet

As a hw firewall I'm running an ASA5506X platform with Firepower services. It's the latest software version, Firepower Threat Defense (FTD) version 6.0.1. I configured it through the Firepower Management Center, also running on my laptop in a VM.

I've turned on every option on my ASA firewall, running full-blown AMP (Anti Malware Protection, cloud malware lookup, Spero analysis, etc.), and lowered the threat score (as a result possibly more false positives) just to make sure I don't miss any files.

Now, I searched a few websites sharing pieces of malware for testing purposes and I end up with mixed results. I find it weird and perhaps a bit disappointing that the ASA isn't blocking these files from entering the network. One solution detects it, the other one doesn't.

To give you an example (and of course do not execute these files):

XXXXXXXXXXXXXXXXXXX

I've downloaded this exe file, 3.exe, and this is the result of testing:

- Malwarebytes: malware found, trojan dropper
- Avast: no threat found
- Immunet: no threat found
- Cisco ASA with FTD 6.0.1: no threat found (current disposition unknown, malware cloud lookup)

When I check the same file on virustotal.com I do get some hits. See the full list: https://www.virustotal.com/nl/file/de98d1d714c78037d841feddf0591cf120e49b76087478650b4bfc34dd6902e6/analysis/

Another example is the following file:

XXXXXXXXXXXXXXXXXX

Results:

- Malwarebytes: malware found, trojan dropper
- Avast: threat detected
- Immunet: malware found, W32.Generic:Gen.19e2.1201
- Cisco ASA with FTD 6.0.1: no threat found, current disposition is unknown (after malware cloud lookup)

File results from virustotal.com: https://virustotal.com/en/file/9e021c214d6387d0152677224a35c31e186b0960a1cb89fbb5312b7323c8ecf4/analysis/

ritchie58 Posted April 7, 2016

After your experimentation, let us know what your findings concluded. I'd personally be interested anyway. Feel free to PM me with the data if you wish.

Best wishes, Ritchie...

This topic is now archived and is closed to further replies.