Cisco Cisco FirePOWER Appliance 7010
33-18
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Understanding and Creating File Policies
The File Policy Rules tab appears.
Step 4
Add one or more rules to the file policy.
File rules give you granular control over which file types you want to log, block, or scan for malware.
For information on adding file rules, see
For information on adding file rules, see
Because you cannot use a Malware license with a DC500, you cannot create file rules that use the Block
Malware or Malware Cloud Lookup action or use that appliance to apply file policies that contain rules
with those actions. Similarly, because you cannot enable a Malware license on a Series 2 device, you
cannot apply a file policy containing rules with those actions to those appliances.
Malware or Malware Cloud Lookup action or use that appliance to apply file policies that contain rules
with those actions. Similarly, because you cannot enable a Malware license on a Series 2 device, you
cannot apply a file policy containing rules with those actions to those appliances.
Step 5
Configure the advanced options. See
for more
information.
Step 6
Click
Save
.
To use your new policy, you must add the file policy to an access control rule, then apply the access
control policy. If you are editing an existing file policy, you must reapply any access control policies that
use the file policy.
control policy. If you are editing an existing file policy, you must reapply any access control policies that
use the file policy.
Working with File Rules
License:
Protection or Malware
Supported Devices:
feature dependent
Supported Defense Centers:
feature dependent
To be effective, a file policy must contain one or more rules. You create, edit, and delete rules on the File
Policy Rules page, which appears when you create a new file policy or edit an existing policy. The page
lists all the rules in the policy, along with each rule’s basic characteristics.
Policy Rules page, which appears when you create a new file policy or edit an existing policy. The page
lists all the rules in the policy, along with each rule’s basic characteristics.
The page also notifies you of how many access control policies use this file policy. You can click the
notification to display a list of the parent policies and, optionally, continue to the Access Control Policies
page.
notification to display a list of the parent policies and, optionally, continue to the Access Control Policies
page.
To create a file rule:
Access:
Admin/Access Admin
Step 1
Select
Policies > Files
.
The File Policies page appears.
Step 2
You have the following options:
•
To add rules to a new policy, click
New File Policy
to create a new policy; see
•
To add rules to an existing policy, click the edit icon (
) next to the policy.
Step 3
On the File Policy Rules page that appears, click
Add File Rule
.
The Add File Rule dialog box appears.
Step 4
Select an
Application Protocol
.
Any
, the default, detects files in HTTP, SMTP, IMAP, POP3, FTP, and NetBIOS-ssn (SMB) traffic.
Step 5
Select a
Direction of Transfer
.