Just recently went live with the new Sourcefire module on our prod ASA (5555X). That has gone well :)
We are licensed for the malware protection service as well.
Currently there is a file policy in place to "detect" all file categories.
Would like to enable malware protection and have it block at the edge...
My question is do I create another file policy rule below the detect rule and set the action for all file types to "block Malware" ?
Do I need to be concerned about the load on the SFR module if I do this for all file types ?
Is there anyway on the module to only detect Malware as a trial run before i decide to block it all ?
Any help would be appreciated.
Cheers
Dave