Hi,
As per the documentation, FireAMP blocks malware based on known hash and Firepower and can hold the file for 30 secs to get the verdict. In case the verdict is unknown by FireAMP, can we then use the ClamAV engine, which is part of local malware analysis, to block the malware inline on the network? Or is the file already sent in the network post FireAMP lookup?
We are trying to reduce the number of unknown files in the network and block them at the network level. I see the block malware option in the file-blocking policy with the local malware analysis option. Just wanted to confirm before enabling the check.
Any help on the same is appreciated.
Vaibhav