https://community.cisco.com/t5/endpoint-security/archives-not-detected/m-p/3467277#M3123 <HTML><HEAD></HEAD><BODY><P>What do you mean by saying the tests for encrypted files fail? </P><P>If you're referring to downloading files through HTTPS, the contents may not be visible, unless you've configured the device to perform decryption. If you speak about encrypted archives, there's a policy (Advanced tab) action to block files, that cannot be inspected. </P><P>It's all documented in the config guide: <A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html" title="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html">Firepower Management Center Configuration Guide, Version 6.2 - File Policies and AMP for Firepower [Cisco Firepower Ma…</A></P></BODY></HTML> Sat, 10 Feb 2018 15:10:50 GMT emirolyu 2018-02-10T15:10:50Z https://community.cisco.com/t5/endpoint-security/archives-not-detected/m-p/3467276#M3122 <HTML><HEAD></HEAD><BODY><P style="font-size: 13.3333px;">Hi,</P><P style="font-size: 13.3333px;">i'm testing&nbsp; cisco firepower AMP,&nbsp; it is correct that with a&nbsp; "malware block" policy&nbsp; in AMP&nbsp; all tests&nbsp;&nbsp; with ecrypted files fail ?</P><P style="font-size: 13.3333px;">i using this site:</P><P style="font-size: 13.3333px;">metal.fortiguard.com</P><P style="font-size: 13.3333px;"></P><P style="font-size: 13.3333px;">it seems to block only plain, tar and cab files.</P></BODY></HTML> Fri, 21 Feb 2020 05:05:23 GMT https://community.cisco.com/t5/endpoint-security/archives-not-detected/m-p/3467276#M3122 apepacisco 2020-02-21T05:05:23Z https://community.cisco.com/t5/endpoint-security/archives-not-detected/m-p/3467277#M3123 <HTML><HEAD></HEAD><BODY><P>What do you mean by saying the tests for encrypted files fail? </P><P>If you're referring to downloading files through HTTPS, the contents may not be visible, unless you've configured the device to perform decryption. If you speak about encrypted archives, there's a policy (Advanced tab) action to block files, that cannot be inspected. </P><P>It's all documented in the config guide: <A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html" title="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/file_policies_and_amp_for_firepower.html">Firepower Management Center Configuration Guide, Version 6.2 - File Policies and AMP for Firepower [Cisco Firepower Ma…</A></P></BODY></HTML> Sat, 10 Feb 2018 15:10:50 GMT https://community.cisco.com/t5/endpoint-security/archives-not-detected/m-p/3467277#M3123 emirolyu 2018-02-10T15:10:50Z