Unencrypted malware blocking is working fine.
If you implement a SSL decryption policy for HTTPS web traffic and configure an ACP rule to inspect the HTTPS traffic for malware, one of two things will happen:
1. Either the Firepower module will detect the traffic as malware and the action will be ALLOW. The result is the malware is successfully downloaded
2. Or the Firepower module will detect the traffic as malware with the action as BLOCK. However, again the malware is successfully downloaded. The blocking action is not performed and TCP conversation completes normally.
Covered under bug CSCvm32267
Running Firepower 6.2