https://community.cisco.com/t5/network-security/block-malware-only-using-local-malware-analysis/m-p/3224775#M926407 <P>has anyone tried blocking malware just with local malware analysis enabled in the file policy.</P> <P>&nbsp;</P> <P>Vaibhav</P> Thu, 30 Nov 2017 00:24:17 GMT vaibhav.parlekar1 2017-11-30T00:24:17Z https://community.cisco.com/t5/network-security/block-malware-only-using-local-malware-analysis/m-p/3223393#M926406 <P>Hi,</P> <P>As per the documentation FireAMP blocks malware based on known hash and Firepower and can hold the file for 30 secs to get the verdict. In case if the verdict is unknown by FireAMP then can we use the ClamAV engine which is part of local malware analysis to block the malware inline on the network. Or is the file already sent in the network post FireAMP lookup.</P> <P>&nbsp;</P> <P>We are trying to reduce the no. of unknown files in the network and block them at the network level. I see the block malware option in the file-blocking policy with local malware analysis option. Just wanted to confirm before enabling the check.</P> <P>&nbsp;</P> <P>Any help on the same is appreciated.</P> <P>Vaibhav</P> Fri, 21 Feb 2020 14:50:19 GMT https://community.cisco.com/t5/network-security/block-malware-only-using-local-malware-analysis/m-p/3223393#M926406 vaibhav.parlekar1 2020-02-21T14:50:19Z https://community.cisco.com/t5/network-security/block-malware-only-using-local-malware-analysis/m-p/3224775#M926407 <P>has anyone tried blocking malware just with local malware analysis enabled in the file policy.</P> <P>&nbsp;</P> <P>Vaibhav</P> Thu, 30 Nov 2017 00:24:17 GMT https://community.cisco.com/t5/network-security/block-malware-only-using-local-malware-analysis/m-p/3224775#M926407 vaibhav.parlekar1 2017-11-30T00:24:17Z