01-10-2019 12:51 AM - edited 03-12-2019 04:19 AM
Hi. I have just configured a Firepower file policy that is responsible for just detecting any file and blocking only encrypted archives when they pass through Firepower. But when I send an encrypted archive from one VLAN to others, it is either sent or blocked, which makes the host get stuck for a while. Please see the added screenshot that depicts my configuration. Please help me to resolve this problem. Moreover, when the host freezes and needs a restart, the blocked archives are seen in the logs, as if they were normally blocked. Please tell me where I made a mistake in the configuration. Thanks in advance.
01-10-2019 01:02 AM - edited 01-10-2019 01:40 AM
In diagram 1.PNG you have not selected any file; all are unchecked. Also you need to understand the flow of packets in Firepower.
Are you doing decryption on the box too? Please see the diagram; it will help you to build your rule according to the packet flow.
01-10-2019 01:54 AM
Thanks for your prompt reply. In diagram 1.png I have selected all files. When I select them one by one on the left side, it adds all categories (all file types) to the Selected File Categories and Types; then the check boxes on the left side go back to the default condition (unchecked). I hope I could make it clear to you.
I haven't created a decryption policy yet (SSL policy is none), so decrypting won't work. Do you think that encrypted files must pass through the SSL policy?
Thanks
01-10-2019 02:10 AM - edited 01-10-2019 02:14 AM
Check this link; it explains in detail how file policy works.
01-10-2019 04:06 AM
Thanks for the link you sent. One more thing I want to mention: the encrypted file that is sent is a rar/zip archive file. I read all the materials you sent, but they only teach how to configure file policy. They also say that if you want to block encrypted archives in the network, check the "Block Encrypted Archives" box. So again, it won't block the archive, or it blocks it but makes the host freeze.
Usually this problem occurs when users attempt to take password-protected rar/zip archive files from the file server to their computers; then the aforementioned problem occurs.
Please send me a solution.
01-10-2019 05:06 AM
Could you please confirm that your File Policy is married to the ACP policy? Are the source and destination IPs in the same subnet or in different subnets?
What is your default ACP rule?
01-10-2019 05:16 AM
01-10-2019 05:51 AM - edited 01-10-2019 05:53 AM
Just read in the Cisco documentation:
Detect Files: This action detects a file transfer and logs it as a file event without interrupting the file transfer.
Tip: if you want to block a file, select the Reset Connection option. It allows an application session to close before the connection times out by itself.
Having said that, create your rule like this.
01-10-2019 06:20 AM
Thanks so much for your help. I am about to solve the problem using your tips. I will try as you said. If any problem occurs I will get back to you. Thank you.
01-10-2019 12:38 PM
Did you manage to solve the issue?
01-10-2019 11:41 PM
Hi. Unfortunately it failed again. Let me explain exactly what kind of task I have been given. I need to create a file policy that blocks malware for all types of files (including unencrypted archives). Actually it is easy enough. But the hard part of this task is to block only encrypted archives. If possible, could you please create such a policy on your Firepower and send me a screenshot?
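As an added illustration (not code from this thread, from Cisco or from Firepower), here is the check a "Block Encrypted Archives" rule has to make on the wire, run over two constructed sample files: the ZIP local file header carries a general purpose flag whose bit 0 marks an encrypted entry, so an inspector can decide "log only" versus "block" without decompressing anything. The function and sample names are assumptions for the example, and it covers ZIP only; RAR uses a different header layout.

```python
import io
import struct
import zipfile

ZIP_LOCAL_SIG = b"PK\x03\x04"
ZIP_LOCAL_FMT = "<4sHHHHHIIIHH"    # 30-byte local file header: sig .. extra-field length
ZIP_FLAG_ENCRYPTED = 0x0001        # general purpose bit 0: entry is encrypted
ZIP_FLAG_DATA_DESCRIPTOR = 0x0008  # bit 3: sizes follow the data, not the header

def zip_is_encrypted(data: bytes) -> bool:
    """True if any local file header in the ZIP stream has the encryption bit set."""
    # Walk local headers front to back, the order an inline inspector sees them;
    # no need to reach the central directory at the end of the file.
    pos = 0
    while data.startswith(ZIP_LOCAL_SIG, pos):
        (_sig, _ver, flags, _method, _mtime, _mdate, _crc,
         comp_size, _uncomp_size, name_len, extra_len) = struct.unpack_from(ZIP_LOCAL_FMT, data, pos)
        if flags & ZIP_FLAG_ENCRYPTED:
            return True
        if flags & ZIP_FLAG_DATA_DESCRIPTOR and comp_size == 0:
            break  # streamed entry: size unknown here, stop rather than misparse
        pos += struct.calcsize(ZIP_LOCAL_FMT) + name_len + extra_len + comp_size
    return False

def file_policy_action(data: bytes, block_encrypted_archives: bool = True) -> str:
    """Decision the thread is after: log every file, block only encrypted archives."""
    if data.startswith(ZIP_LOCAL_SIG) and block_encrypted_archives and zip_is_encrypted(data):
        return "block"  # the "Block Encrypted Archives" case; pair it with Reset Connection
    return "detect"     # everything else is logged as a file event and allowed through

def make_plain_zip() -> bytes:
    """Constructed sample: an ordinary unencrypted ZIP with one text entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", "quarterly numbers\n")
    return buf.getvalue()

def make_encrypted_zip() -> bytes:
    """Constructed sample: hand-built local header with the encryption bit set."""
    # zipfile cannot write encrypted entries, so the body is placeholder bytes
    # (12-byte encryption header + 5 bytes); only the flag matters to the check.
    name = b"secret.txt"
    body = b"\x00" * 12 + b"\x11\x22\x33\x44\x55"
    header = struct.pack(ZIP_LOCAL_FMT, ZIP_LOCAL_SIG, 20, ZIP_FLAG_ENCRYPTED, 0,
                         0, 0, 0, len(body), 5, len(name), 0)
    return header + name + body

if __name__ == "__main__":
    print(file_policy_action(make_plain_zip()), file_policy_action(make_encrypted_zip()))
```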
01-11-2019 02:53 AM
Hi, it took me a long time to read the documentation :)
In order for you to block the encrypted archives you need a Dynamic Analysis check; you will find this under Malware Cloud/Block Malware, which makes sense as the encrypted traffic's SHA256 will be sent to the Cisco cloud to check if the file is legitimate. On the other hand, you cannot block only the encrypted files.
I have attached some attachments for your reference.
01-11-2019 05:37 AM
First of all I want to say that I really appreciate your assistance. Thanks so much.
I tried again but failed as usual :) Please see the attachment I posted. The Block Malware function for all types of files won't block a password-protected archive that has malware inside it. I have read several documents about file policy but couldn't find any solution. When I send that archive file over a different network it passes without being inspected or blocked.
I am a beginner in this field, which is why I have difficulty solving the issue. I guess I have configured it correctly, but I am not sure what makes the password-protected archive file pass.
Do you have any idea?
01-11-2019 05:39 AM