https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3313734#M4188 <P>Hi,</P> <P>&nbsp;</P> <P>I have created a malware file policy to block malware for PDF &amp; Executables.</P> <P>When I attach the malware file policy to my Access Control Policy acl I receive a warning " Configured Ports will prevent the file policy from being triggered"</P> <P>The acl has a destination port of UDP-6064.</P> <P>&nbsp;</P> <P>I have no issues when applying the malware policy to acls with destination TCP ports.</P> <P>&nbsp;</P> <P>Any help would be appreciated.</P> <P>&nbsp;</P> <P>thanks</P> <P>&nbsp;</P> <P>Ian</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 09 Mar 2019 01:46:13 GMT iwearing 2019-03-09T01:46:13Z https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3313734#M4188 <P>Hi,</P> <P>&nbsp;</P> <P>I have created a malware file policy to block malware for PDF &amp; Executables.</P> <P>When I attach the malware file policy to my Access Control Policy acl I receive a warning " Configured Ports will prevent the file policy from being triggered"</P> <P>The acl has a destination port of UDP-6064.</P> <P>&nbsp;</P> <P>I have no issues when applying the malware policy to acls with destination TCP ports.</P> <P>&nbsp;</P> <P>Any help would be appreciated.</P> <P>&nbsp;</P> <P>thanks</P> <P>&nbsp;</P> <P>Ian</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 09 Mar 2019 01:46:13 GMT https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3313734#M4188 iwearing 2019-03-09T01:46:13Z https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3314381#M4291 <P>Hello,</P> <P>&nbsp;</P> <P>I am not sure, what do you mean with policy to block all PDF and executables.</P> <P>&nbsp;</P> <P>If we get to the AMP console, you can blacklist a specific file SHA. You can block network connection e.g. specific ports, CIDR IP block or specifig IP address.</P> <P>Did you try any of these?</P> <OL> <LI>Outbreak control &gt; Custom detections</LI> <LI>Outbreak control &gt; Application blocking</LI> <LI>Outbreak control &gt; Network &gt; IP blacklist</LI> </OL> <P>Regards</P> <P>David</P> Fri, 19 Jan 2018 10:47:43 GMT https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3314381#M4291 David Janulik 2018-01-19T10:47:43Z https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3314446#M4293 <P>Hello David,</P> <P>&nbsp;</P> <P>Please see the attachment of an example Malware File Policy created on FMC. I should have referenced Executables and PDF as the file type category.</P> <P>&nbsp;</P> <P>When I attach the Malware File Policy to the Access Control Policy I then receive warnings " configured ports will prevent the file policy from being triggered".</P> <P>&nbsp;</P> <P>regards</P> <P>&nbsp;</P> <P>Ian</P> Fri, 19 Jan 2018 12:36:43 GMT https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3314446#M4293 iwearing 2018-01-19T12:36:43Z https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3734031#M4295 <P>Hi, I found this message is show when you use UDP and ICMP as destination ports. That's because this policy only applies in TCP ports.</P> Fri, 26 Oct 2018 22:36:55 GMT https://community.cisco.com/t5/endpoint-security/ftd-malware-file-policy/m-p/3734031#M4295 jcorrea1 2018-10-26T22:36:55Z