Beginner

FTD Malware File Policy

Hi,

 

I have created a malware file policy to block malware for PDF & Executables.

When I attach the malware file policy to my Access Control Policy ACL, I receive a warning "Configured Ports will prevent the file policy from being triggered".

The ACL has a destination port of UDP-6064.

 

I have no issues when applying the malware policy to ACLs with destination TCP ports.

 

Any help would be appreciated.

 

thanks

 

Ian

 

 

3 REPLIES
Cisco Employee

Re: FTD Malware File Policy

Hello,

 

I am not sure what you mean by a policy to block all PDF and executables.

 

If we get to the AMP console, you can blacklist a specific file SHA. You can block network connections, e.g. specific ports, a CIDR IP block or a specific IP address.

Did you try any of these?

  1. Outbreak control > Custom detections
  2. Outbreak control > Application blocking
  3. Outbreak control > Network > IP blacklist

Regards

David

Beginner

Re: FTD Malware File Policy

Hello David,

 

Please see the attachment of an example Malware File Policy created on FMC. I should have referenced Executables and PDF as the file type category.

 

When I attach the Malware File Policy to the Access Control Policy, I then receive warnings "configured ports will prevent the file policy from being triggered".

 

regards

 

Ian

Beginner

Re: FTD Malware File Policy

Hi, I found this message is shown when you use UDP and ICMP as destination ports. That's because this policy only applies to TCP ports.
