
Doing Some Tests With: Cisco Asa Firepower/amp, Immunet, Malware Bytes, Avast And Online Tool Such As Virustotal.com



Hi all,


I'm running a few apps on my laptop:


- avast antivirus

- malware bytes

- immunet


As a hw firewall I'm running an ASA5506X platform with Firepower services. It's the latest software version, Firepower Threat Defense (FTD) version 6.0.1. I configured it through the Firepower Management Center, also running on my laptop in a VM.


I've turned on every option on my ASA firewall, running full blown AMP (Anti Malware Protection, cloud malware lookup, spero analysis, etc.) and lowered the threat score (as a result possibly more false positives) just to make sure I don't miss any files.



Now, I searched a few websites sharing pieces of malware for testing purposes and I end up with mixed results. I find it weird and perhaps a bit disappointing that the ASA isn't blocking these files from entering the network.



One solution detects it, the other one doesn't. To give you an example (and of course do not execute these files):




I've downloaded this exe file 3.exe and this is the result of testing:


Malwarebytes: malware found, trojan dropper

Avast: no threat found

Immunet: no threat found


Cisco ASA with FTD 6.0.1: no threat found (current disposition unknown, malware cloud lookup).


When I check the same file on virustotal.com I do get some hits. See the full list: https://www.virustotal.com/nl/file/de98d1d714c78037d841feddf0591cf120e49b76087478650b4bfc34dd6902e6/analysis/





Another example is the following file:







Malwarebytes: malware found, trojan dropper

Avast: threat detected

Immunet: malware found, W32.Generic:Gen.19e2.1201



Cisco ASA with FTD 6.0.1: no threat found, current disposition is unknown (after malware cloud lookup)


File results from virustotal.com: https://virustotal.com/en/file/9e021c214d6387d0152677224a35c31e186b0960a1cb89fbb5312b7323c8ecf4/analysis/



This topic is now archived and is closed to further replies.
