Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 33: Blocking Malware and Prohibited Files

Understanding and Creating File Policies
License: Protection or Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent

A file policy is a set of configurations that the system uses to perform advanced malware protection and 
file control, as part of your overall access control configuration. Consider the following diagram of a 
simple access control policy in an inline deployment.

Table 33-3: Network vs Endpoint-Based Malware Protection Strategies (continued)

| Feature | Network-Based | Endpoint-Based (FireAMP) |
|---|---|---|
| malware detection robustness | limited file types | all file types |
| malware analysis choices | Defense Center-based, plus analysis in the cloud | Defense Center-based, plus additional options on the FireAMP portal |
| malware mitigation | malware blocking in network traffic, Defense Center-initiated remediations | FireAMP-based quarantine and outbreak control options, Defense Center-initiated remediations |
| events generated | file events, captured files, malware events, and retrospective malware events | malware events |
| information in malware events | basic malware event information, plus connection data (IP address, port, and application protocol) | in-depth malware event information; no connection data |
| network file trajectory | Defense Center-based | Defense Center-based, plus additional options on the FireAMP portal |
| required licenses or subscriptions | Protection license to perform file control; Malware license to perform malware protection | FireAMP subscription (not license-based) |