Doing Some Tests With: Cisco Asa Firepower/amp, Immunet, Malware Bytes, Avast And Online Tool Such As Virustotal.com

[dalma]

Hi all,

 

I'm running a few apps on my laptop:

 

- avast antivirus

- malware bytes

- immunet

 

as a hw firewall i'm running a ASA5506X platform with firepower services. it's latest software version Firepower Threat Defense (FTD) version 6.0.1. I configured it through the Firepower Management Center also running on my laptop in a vm.

 

I've turned on every option on my ASA firewall, running full blown AMP (Anti Malware Protection, cloud malware lookup, spero analysis, etc.) and lowered the threat score (as a result possibly more false positives) just to make sure I don't miss any files.

 

 

Now, I searched a few websites sharing pieces of malware for testing purposes and I end up with mixed results. I find it weird and perhaps a but disappointing the ASA isn't blocking these files from entering the network.

 

 

One solution detects it, the other one doesn't. To give you an example ( and of course do not execute these files ):

 

XXXXXXXXXXXXXXXXXXX

 

I've downloaded this exe file 3.exe and this is the result of testing:

 

Malwarebytes: malware found , trojan dropper

Avast: no threat found

Immunet: no threat found

 

Cisco ASA with FTD 6.0.1 : no threat found (current disposition unknown, malware cloud lookup). 

 

when I check the same file on virustotal.com I do get some hits. see full list: https://www.virustotal.com/nl/file/de98d1d714c78037d841feddf0591cf120e49b76087478650b4bfc34dd6902e6/analysis/

 

 

 

 

another example is the following file:

 

XXXXXXXXXXXXXXXXXX

 

results:

 

 

Malwarebytes: malware found , trojan dropper

Avast: threat detected

Immunet: malware found, W32.Generic:Gen.19e2.1201

 

 

Cisco ASA with FTD 6.0.1 : no threat found, current disposition is unknown (after malware cloud lookup)

 

file results from virustotal.com : https://virustotal.com/en/file/9e021c214d6387d0152677224a35c31e186b0960a1cb89fbb5312b7323c8ecf4/analysis/

[ritchie58]

After your experimentation let us know what your findings concluded? I'd personally be interested anyway. Feel free to PM me with the data if you wish.

Best wishes, Ritchie...