Cisco Cisco Firepower Management Center 4000

The File Policy Rules tab appears.

Add one or more rules to the file policy.

File rules give you granular control over which file types you want to log, block, or scan for malware. 
For information on adding file rules, see 

Because you cannot use a Malware license with a DC500, you cannot create file rules that use the Block 
Malware or Malware Cloud Lookup action or use that appliance to apply file policies that contain rules 
with those actions. Similarly, because you cannot enable a Malware license on a Series 2 device, you 
cannot apply a file policy containing rules with those actions to those appliances.

Configure the advanced options. See 

 for more 

information.

Click 

.

To use your new policy, you must add the file policy to an access control rule, then apply the access 
control policy. If you are editing an existing file policy, you must reapply any access control policies that 
use the file policy.

Protection or Malware

feature dependent

feature dependent

To be effective, a file policy must contain one or more rules. You create, edit, and delete rules on the File 
Policy Rules page, which appears when you create a new file policy or edit an existing policy. The page 
lists all the rules in the policy, along with each rule’s basic characteristics. 

The page also notifies you of how many access control policies use this file policy. You can click the 
notification to display a list of the parent policies and, optionally, continue to the Access Control Policies 
page.

Admin/Access Admin

Select 

.

The File Policies page appears.

You have the following options:

To add rules to a new policy, click 

 to create a new policy; see 

To add rules to an existing policy, click the edit icon (

) next to the policy.

On the File Policy Rules page that appears, click 

.

The Add File Rule dialog box appears.

Select an 

.

, the default, detects files in HTTP, SMTP, IMAP, POP3, FTP, and NetBIOS-ssn (SMB) traffic.

Select a 

.