cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9637
Views
5
Helpful
16
Replies

malware block file policy

adamgibs7
Level 6
Level 6

Dears,

I have setup a file policy as per the attached, i can see the logs that the malware has been passed by the file transfer though i have block malware for all the type of the file, can anybody confirm to me by the file/malware events as per the attached the enduser is affected with  malware ??  i don't see any color change on the end user computer ikon but in the file trajectory it's show's me disposition of malware,  also  can anybody confirm to me that the file policy i have created below are best enough to block malware as those are displaying warning which i think it is only an information.

1) mov and archive file blocked

2) all type of files malware detected blocked

Thanks

16 Replies 16

I have similar issue. I don't think I understand as to what the fix is?

should we leave the file policy rule as "any" change it a defined protocol

or the rule (i.e teamviewer) will determine if the IPS and File Policy Rule gets triggered on that access rule.

I only have Teamviewer Applicaton defined in that access-rule; no other traffic or apps in that rule.  Let me know,  Thanks

 

The system can detect and inspect files transmitted via FTP, HTTP, SMTP, IMAP, POP3, and NetBIOS-ssn (SMB). Any, the default, detects files in HTTP, SMTP, IMAP, POP3, FTP, and NetBIOS-ssn (SMB) traffic.

This means - other protocols can't be checked for files.
Review Cisco Networking for a $25 gift card