Solved: malware block file policy - Page 2

adamgibs7 · ‎05-06-2016

Dears,

I have setup a file policy as per the attached, i can see the logs that the malware has been passed by the file transfer though i have block malware for all the type of the file, can anybody confirm to me by the file/malware events as per the attached the enduser is affected with malware ?? i don't see any color change on the end user computer ikon but in the file trajectory it's show's me disposition of malware, also can anybody confirm to me that the file policy i have created below are best enough to block malware as those are displaying warning which i think it is only an information.

1) mov and archive file blocked

2) all type of files malware detected blocked

Thanks

LMatt · ‎04-27-2018

I have similar issue. I don't think I understand as to what the fix is?

should we leave the file policy rule as "any" change it a defined protocol

or the rule (i.e teamviewer) will determine if the IPS and File Policy Rule gets triggered on that access rule.

I only have Teamviewer Applicaton defined in that access-rule; no other traffic or apps in that rule. Let me know, Thanks

Sergey Prishchepa · ‎09-02-2021

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.pdf

The system can detect and inspect files transmitted via FTP, HTTP, SMTP, IMAP, POP3, and NetBIOS-ssn (SMB). Any, the default, detects files in HTTP, SMTP, IMAP, POP3, FTP, and NetBIOS-ssn (SMB) traffic.

This means - other protocols can't be checked for files.