Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
851
Views
0
Helpful
4
Replies

firepower malware file block configuration

tato386
Level 6
Level 6

‎06-07-2017 06:44 PM - edited ‎03-10-2019 06:51 AM

I have a Firepower running in an ASA which is identifying files as malware but the file is still downloaded and I find it on the local drive of the PC.  I have attached snippets of the logs and the file rule.  Am I missing anything?

Thanks,

Diego

Labels:
Preview file
126 KB
Preview file
43 KB
Preview file
80 KB
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-07-2017 08:08 PM

Have you applied the file policy in the Access Control Policy that affect the PC's location/address?

Could the PC have received the file prior to the policy being in place or while connected outside the protected LAN?

0 Helpful

tato386
Level 6
Level 6
In response to Marvin Rhoads

‎06-08-2017 05:13 AM

The firepower access policy has been in effect for this location for several weeks and it is successfully blocking banned URL categories.  The firepower logged the IP address and the correct user of the PC.  The time, date and size of the file on the PC match the one in the firepower logs.  So as far as I can tell the answer to your questions are yes and yes.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tato386

‎06-08-2017 06:57 AM

As far as I can see you have everything setup as I would have.

I'd suggest opening a TAC case and having them review the setup in more detail.

0 Helpful

tato386
Level 6
Level 6
In response to Marvin Rhoads

‎06-08-2017 09:46 AM

10-4, will do.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card