dalma Posted April 2, 2016

Hi all,

I'm running a few apps on my laptop:

- Avast antivirus
- Malwarebytes
- Immunet

As a hw firewall I'm running an ASA5506X platform with FirePOWER services, with its latest software version, Firepower Threat Defense (FTD) version 6.0.1. I configured it through the Firepower Management Center, also running on my laptop in a VM.

I've turned on every option on my ASA firewall, running full-blown AMP (Anti Malware Protection, cloud malware lookup, Spero analysis, etc.) and lowered the threat score (as a result possibly more false positives) just to make sure I don't miss any files.

Now, I searched a few websites sharing pieces of malware for testing purposes and I end up with mixed results. I find it weird and perhaps a bit disappointing that the ASA isn't blocking these files from entering the network. One solution detects it, the other one doesn't.

To give you an example (and of course do not execute these files):

XXXXXXXXXXXXXXXXXXX

I've downloaded this exe file, 3.exe, and this is the result of testing:

- Malwarebytes: malware found, trojan dropper
- Avast: no threat found
- Immunet: no threat found
- Cisco ASA with FTD 6.0.1: no threat found (current disposition unknown, malware cloud lookup)

When I check the same file on virustotal.com I do get some hits. See the full list: https://www.virustotal.com/nl/file/de98d1d714c78037d841feddf0591cf120e49b76087478650b4bfc34dd6902e6/analysis/

Another example is the following file:

XXXXXXXXXXXXXXXXXX

Results:

- Malwarebytes: malware found, trojan dropper
- Avast: threat detected
- Immunet: malware found, W32.Generic:Gen.19e2.1201
- Cisco ASA with FTD 6.0.1: no threat found, current disposition is unknown (after malware cloud lookup)

File results from virustotal.com: https://virustotal.com/en/file/9e021c214d6387d0152677224a35c31e186b0960a1cb89fbb5312b7323c8ecf4/analysis/
This topic is now archived and is closed to further replies.