Cisco FirePOWER Appliance 7030
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Understanding and Creating File Policies
Step 9  Click Save.
The file rule is added to the policy. If you are editing an existing file policy, you must reapply any access
control policies that use the file policy for your changes to take effect.
Configuring Advanced File Policy Options
License: Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
In a file policy, you can set the following advanced options.
Note that because you cannot use a Malware license with a DC500, you cannot use or modify these
settings. Similarly, because you cannot enable a Malware license on a Series 2 device, you cannot apply
a file policy with these settings enabled.
To configure advanced file policy options:
Access: Admin/Access Admin
Step 1  Select Policies > Files.
The File Policies page appears.
Step 2  Click the edit icon next to the policy you want to edit.
The File Policy Rule page appears.
Step 3  Select the Advanced tab.
The Advanced tab appears.
Step 4  Modify the options as described in the table.
Step 5  Click Save.
Table 33-7  Advanced File Policy Options

Field: Enable Custom Detection List
Description: Select this to block files on the custom detection list when detected.
Default Value: enabled

Field: Enable Clean List
Description: Select this to allow files on the clean list when detected.
Default Value: enabled

Field: Mark files as malware based on dynamic analysis threat score
Description: Select a threshold value to automatically treat files with that threat score or higher as if
they are malware. Select Disabled to disable this.
Note that as you select lower threshold values, you increase the number of files treated as malware.
Depending on the action selected in your file policy, this can result in an increase of blocked files.
Default Value: Very High (76 and above)