I have created a malware file policy to block malware for PDF & Executables.
When I attach the malware file policy to my Access Control Policy ACL, I receive a warning: "Configured Ports will prevent the file policy from being triggered".
The ACL has a destination port of UDP-6064.
I have no issues when applying the malware policy to ACLs with destination TCP ports.
Any help would be appreciated.
I am not sure what you mean by a policy to block all PDF and executables.
If we get to the AMP console, you can blacklist a specific file SHA. You can block network connections, e.g. specific ports, a CIDR IP block or a specific IP address.
Did you try any of these?
Please see the attachment of an example Malware File Policy created on FMC. I should have referenced Executables and PDF as the file type category.
When I attach the Malware File Policy to the Access Control Policy, I then receive the warning "Configured ports will prevent the file policy from being triggered".