
File and Malware Policy Not Logging File Events in FMC

MSN
Level 1

I’m currently working on a POC setup with Cisco FTD managed by FMC (7.4), and I’ve configured a File and Malware policy to test file detection and logging. However, I’m encountering an issue where no file events are being logged in the File Events or File & Malware > File Events (Table View) sections of FMC.

Here is the configuration I’ve applied:

  • Created a File Policy with:
    • Tried with "Block Malware" & "Detect Files" option enabled
    • All file type categories selected
    • Direction of transfer is any
  • Applied this File Policy to an Access Control Policy (ACP) rule:
    • Action: Allow (any-any)
    • File Policy is selected
    • Logging is enabled at both "Log at Beginning" and "Log at End"
    • File logging is enabled
  • Deployed the policy successfully to the FTD device
  • I am using an evaluation license
  • I attempted multiple file downloads, including clean files and known malware test files (such as EICAR)
  • In Unified Events, I can see the download traffic (web server responses) appearing correctly, but:
    • No file events are generated in File & Malware > File Events
    • No information about file types or verdicts is being logged

Any guidance would be greatly appreciated. Thank you!