Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1208
Views
5
Helpful
1
Replies

Firepower Block Reason Investigating

georgehewittuk1
Level 1
Level 1

‎09-13-2021 08:37 AM

Hi All,

 

Just trying to troublehsoot & wanted to question if a file is blocked in this case it's an email with an attachment (we suspect it is between exchange & ESA)  can we dig any deeper other than just seeing 'File Block' into what the attachment was/reasons etc?

 

We are using 6.6.4 & have malware policy enabled for the access-rule.

 

Also is there a way in whitelisting a file that maybe a false positive.

 

Thanks

G

 

 

Preview file
64 KB
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎09-13-2021 12:14 PM

You should be able to configure the file policy to capture and store the file.  Once the file is stored you will be able to download for further analysis.  View the file at Analysis > Files > Captured Files.

As for allowing false positives, you can add the file to a "clean list"

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card