Traffic is being allowed by File Monitor

folyq (Level 1)

Good day everyone 

We have an FTD, and in our FMC logs we are seeing something weird.

We blocked an IP address in Security Intelligence, and in some logs it is blocked, but then there are connections which are allowed by File Monitor.

I've attached the logs, can anyone help me on this?

Thanks in advance

IMG-20220405-WA0003.jpg

2 Replies
Looking into your logs, you are hitting the Snort process L3SI (Security Intelligence), where we noted that the packet is blocked due to the SI rule (custom rule); later we see the traffic is allowed with the same source and destination. Looking at the Snort process diagram below, the File Policy is well further down. If the initiator IP is the public IP address it should be hitting the SI, but it clearly is not.

LINAPACKET.PNG


Cisco recommends that you enable Reset Connection for the Block Files and Block Malware actions to prevent blocked application sessions from remaining open until the TCP connection resets. If you do not reset connections, the client session will remain open until the TCP connection resets itself.

Could you create a rule in the access-control-list (ACL): Policies -> Access Control -> Access Control Policy -> here edit your existing control policy.

Create a new control policy and set a new rule with the action either Block or Block with reset. Leave the zone alone, do not touch it. Under Networks, create a network object with the blocked IP address and call it in "Add to Source Networks", and also call it in "Add to Destination Networks". Once this is done, call your internal network in "Add to Source Networks" and "Add to Destination Networks". By doing this, whether the initiator is your local network or your public IP, it will be blocked in both directions. Also enable logging at "Log at Beginning of Connection".

Please do not forget to rate.
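As an added example (not part of this thread or of any Cisco tooling), the following Python check runs over constructed sample connection events in a simplified comma-separated format and lists every connection involving a Security Intelligence block-listed address that was nonetheless allowed, together with whether the listed address was the initiator or the responder. The event format, addresses and reasons are made up for the example and are not the real FMC export format.

```python
import ipaddress
from collections import namedtuple

# Constructed sample events, loosely modelled on FMC connection-event columns
# (time, action, reason, initiator IP, responder IP, responder port).
SAMPLE_EVENTS = """\
2022-04-05 10:01:12,Block,IP Block,203.0.113.10,192.0.2.25,443
2022-04-05 10:01:13,Allow,File Monitor,192.0.2.25,203.0.113.10,443
2022-04-05 10:02:40,Allow,,192.0.2.30,198.51.100.7,80
2022-04-05 10:03:01,Allow,File Monitor,203.0.113.10,192.0.2.25,8443
"""

# The address placed on the Security Intelligence block list (constructed value).
SI_BLOCK_LIST = {ipaddress.ip_address("203.0.113.10")}

Event = namedtuple("Event", "ts action reason initiator responder port")


def parse_events(text):
    """Parse the simplified CSV lines above into Event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, reason, src, dst, port = line.split(",")
        events.append(Event(ts, action, reason,
                            ipaddress.ip_address(src),
                            ipaddress.ip_address(dst), int(port)))
    return events


def find_si_bypasses(events, block_list):
    """Return (time, role, action, reason) for each event where a block-listed
    address took part but the connection was not blocked. 'role' records whether
    the listed address was initiator or responder, since SI lists may be applied
    to one direction only and the other direction then reaches later stages."""
    hits = []
    for ev in events:
        if ev.initiator in block_list:
            role = "initiator"
        elif ev.responder in block_list:
            role = "responder"
        else:
            continue
        if not ev.action.startswith("Block"):
            hits.append((ev.ts, role, ev.action, ev.reason or "-"))
    return hits


if __name__ == "__main__":
    for hit in find_si_bypasses(parse_events(SAMPLE_EVENTS), SI_BLOCK_LIST):
        print(*hit, sep=" | ")
```

On the sample data it reports the two allowed connections with reason "File Monitor", one where the listed address is the responder and one where it is the initiator, which is the pattern the bidirectional access control rule above is meant to close.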

Thank you for your answer.
