Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 33      Blocking Malware and Prohibited Files
  Understanding and Creating File Policies
Clicking the apply icon for a file policy displays a dialog box that tells you which access control policies use the file policy, then redirects you to the Access Control page. This is because you cannot apply a file policy independently, as a file policy is considered part of its parent access control policies. To use a new file policy, or to apply changes made to an existing file policy, you must apply or reapply the parent access control policies.
Note the following:
  • The system checks the cloud for updates to the list of file types eligible for dynamic analysis (no more than once a day). If the list of eligible file types changes, this constitutes a change in the file policy; any access control policy using the file policy is marked out-of-date if applied to any devices. You must reapply the parent access control policy to apply the updated file policy to the device.
  • You cannot delete a file policy used in a saved or applied access control policy.
For more information on managing file policies, see the following sections:
  •
  •
  •
Creating a File Policy
License: Protection or Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
After you create a file policy and populate it with rules, you can use it in an access control policy. 
Note that because you cannot use a Malware license with a DC500, you cannot create file rules that use 
the Block Malware or Malware Cloud Lookup action or use that appliance to apply file policies that 
contain rules with those actions. Similarly, because you cannot enable a Malware license on a Series 2 
device, you cannot apply a file policy containing rules with those actions to those appliances.
Tip: To make a copy of an existing file policy, click the copy icon, then type a unique name for the new policy in the dialog box that appears. You can then modify the copy.
To create a file policy:
Access: Admin/Access Admin
Step 1  Select Policies > Files.
The File Policies page appears.
Step 2  Click New File Policy.
The New File Policy dialog box appears.
For a new policy, the web interface indicates that the policy is not in use. If you are editing an in-use file 
policy, the web interface tells you how many access control policies use the file policy. In either case, 
you can click the text to jump to the Access Control Policies page; se
.
Step 3  Enter a Name and optional Description for your new policy, then click Save.