Hello all,
I have been trying to get the RanSim simulator for KnowBe4 blocked by Firepower, and I cannot seem to get it to block anything but one scenario; endpoint security catches 100%. Without endpoint security everything is vulnerable. I have a malware rule inspection 3 deep on the archive to block all types of categories and an additional one for Spero, and it is placed under all the other block policies with the IPS rule.
Question: is this normal behavior, or should it be caught, or at least more than one?
I do not have an SSL rule as this causes certificate issues when visiting secure sites. Could this be the issue?