
archives not detected

apepacisco
Level 1

Hi,

I'm testing Cisco Firepower AMP. Is it correct that with a "malware block" policy in AMP all tests with encrypted files fail?

I'm using this site:

metal.fortiguard.com

It seems to block only plain, tar and cab files.

1 Reply

emirolyu
Cisco Employee

What do you mean by saying the tests for encrypted files fail?

If you're referring to downloading files through HTTPS, the contents may not be visible unless you've configured the device to perform decryption. If you're speaking about encrypted archives, there's a policy (Advanced tab) action to block files that cannot be inspected.

It's all documented in the config guide: Firepower Management Center Configuration Guide, Version 6.2 - File Policies and AMP for Firepower [Cisco Firepower Ma…
