I’m currently working on a POC setup with Cisco FTD managed by FMC (7.4), and I’ve configured a File and Malware policy to test file detection and logging. However, I’m encountering an issue where no file events are being logged in the File Events or File & Malware > File Events (Table View) sections of FMC.

Here is the configuration I’ve applied:

• Created a File Policy with:

  • Tried with "Block Malware" & "Detect Files" option enabled

  • All file type categories selected

  • Direction of transfer is any

• Applied this File Policy to an Access Control Policy (ACP) rule:

  • Action: Allow (any-any)

  • File Policy is selected

  • Logging is enabled at both "Log at Beginning" and "Log at End"

  • File logging is enabled

• Deployed the policy successfully to the FTD device

• I am using an evaluation license

• I attempted multiple file downloads, including clean files and known malware test files (such as EICAR)

• In Unified Events, I can see the download traffic (web server responses) appearing correctly, but:

  • No file events are generated in File & Malware > File Events

• No information about file types or verdicts is being logged
  
  Any guidance would be greatly appreciated. Thank you!