I’m currently working on a POC setup with Cisco FTD managed by FMC (7.4), and I’ve configured a File and Malware policy to test file detection and logging. However, I’m encountering an issue where no file events are being logged in the File Events or File & Malware > File Events (Table View) sections of FMC.
Here is the configuration I’ve applied:
- Created a File Policy with:
- Applied this File Policy to an Access Control Policy (ACP) rule:
- Deployed the policy successfully to the FTD device
- I am using an evaluation license
I attempted multiple file downloads, including clean files and known malware test files (such as EICAR)
In Unified Events, I can see the download traffic (web server responses) appearing correctly, but:
- No information about file types or verdicts is being logged
Any guidance would be greatly appreciated. Thank you!