Marvin I am facing a problem in FMC security intelligence that when I add list in txt. format which has URL in it. list got uploaded and after that when I download the list from SI to check, The URL will not appear in that list which was added earlier also it is not blocking when I add that list in blacklist mode. I am Using FMC software version: 5.4.1.6. Kindly suggest.

I'm not sure what might be wrong with your file. I've tested blacklist based on uploading a text file and it worked fine for me.

I am using the most recent Firepower versions but did this test as far back as 6.1. Is there a reason why you are running a VERY old version of Firepower? If you contact TAC they will almost undoubtedly ask that you upgrade to a current release and try it again.

What does one do if the opposite needs to happen ? What if FirePower with AMP for files is blocking a file it shouldn't be ? We have the SHA256 hash that being blocked, its not malware, we know what the file is and what its behavior is. What needs to be done to, lay person's terms, " if Firepower detects a specific SHA256 file on the network, do nothing."

AMP for Networks (i.e. on FMC or Firepower device) does not allow you to create policies based on a specific file's SHA-256. That requires AMP for endpoints where it is done on the AMP console.

The best you can do is open a ticket with TAC (or Talos - I find TAC more interactive and responsive) and request the incorrect SHA-256 be remedied in AMP cloud.

Thank you for your reply. Very helpful.

Once you create a Malware &  File policy and choose BLOCK and push the config out to your FTD, it will automatically just block everything from the Custom-Detection-List?