Author Topic: Last Local Malware Detection  (Read 9004 times)

Offline Pacerfan9

  • Cisco Newbie
  • *
  • Posts: 9
  • Reputation: 2
  • Certification: CCNP
Last Local Malware Detection
« on: March 22, 2016, 02:31:39 PM »
Under System, Integration, AMP for Networks my FireSIGHT reports the Last Local Malware Detection Update as Thu Jan 28 18:13:40 2016. Is that correct?

If not, is there a way to force or schedule an auto update? Everything else on my system (rules, geolocation) seems to be updating correctly. I just updated to FireSIGHT 6.0.1 and still have the same results.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Last Local Malware Detection
« Reply #1 on: March 23, 2016, 07:40:20 PM »
Was that around the same time you had the system installed? If so, it probably never got updated. Check System > Health > Events and see if you can spot an AMP for Firepower Status event.

Offline Pacerfan9

  • Cisco Newbie
  • *
  • Posts: 9
  • Reputation: 2
  • Certification: CCNP
Re: Last Local Malware Detection
« Reply #2 on: March 24, 2016, 10:05:32 AM »
That could be the date I originally installed FireSIGHT.

I see numerous entries for AMP for Firepower Status where it says Successfully connected to cloud. The value is 0.

Under System, Integration, does your AMP for Networks have a more current date?

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Last Local Malware Detection
« Reply #3 on: March 24, 2016, 08:50:54 PM »
One I have actually keeps failing the update. It is dated back to December. Will need to see why it is not connecting.

Offline Pacerfan9

  • Cisco Newbie
  • *
  • Posts: 9
  • Reputation: 2
  • Certification: CCNP
Re: Last Local Malware Detection
« Reply #4 on: April 14, 2016, 06:42:26 PM »
I opened a TAC case for this and the engineer experienced the same behavior on multiple lab devices running 6.0.x. He reached out to a FireAMP expert and said “the local analysis engine doesn't need to be updated often and the appliances themselves will check for updates about every hour or so, if they are available.”
He didn't see anything in the logs indicating that there are any issues with this and has confirmed that the device is checking for updates; there just aren't any new updates available at this time.

Seems odd to me that the system is configured to check for updates every 30 minutes and no updates have been released in months, but I will have to go with his answer since nothing else indicates there is an actual problem.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Last Local Malware Detection
« Reply #5 on: April 14, 2016, 11:23:38 PM »
Thanks, Pacerfan9, for reporting back on this. It seems that all FP deployments would behave the same way, and I am sure a lot of users would notice and ask the same question. Like TAC said, this is Local Malware Detection, which may tend to be more static and require less frequent updates, but you would think there should be an update at least once a month, right?

 
