01-18-2018 05:48 AM - edited 03-08-2019 05:46 PM
Hi,
I have created a malware file policy to block malware for PDF & Executables.
When I attach the malware file policy to my Access Control Policy acl I receive a warning " Configured Ports will prevent the file policy from being triggered"
The acl has a destination port of UDP-6064.
I have no issues when applying the malware policy to acls with destination TCP ports.
Any help would be appreciated.
thanks
Ian
01-19-2018 02:47 AM
Hello,
I am not sure, what do you mean with policy to block all PDF and executables.
If we get to the AMP console, you can blacklist a specific file SHA. You can block network connection e.g. specific ports, CIDR IP block or specifig IP address.
Did you try any of these?
Regards
David
01-19-2018 04:36 AM
Hello David,
Please see the attachment of an example Malware File Policy created on FMC. I should have referenced Executables and PDF as the file type category.
When I attach the Malware File Policy to the Access Control Policy I then receive warnings " configured ports will prevent the file policy from being triggered".
regards
Ian
10-26-2018 03:36 PM
Hi, I found this message is show when you use UDP and ICMP as destination ports. That's because this policy only applies in TCP ports.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide