Marware and File Policy

Location in GUI: Policies » Marware and File » Marware and File Policies

Diagram

Classes

policies (fmc.domains)

Name	Type	Constraint	Mandatory	Default Value
file_policies	List	`[file_policies]`	No

file_policies (fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes
block_encrypted_archives	Boolean	`true`, `false`	No	`false`
block_uninspectable_archives	Boolean	`true`, `false`	No	`false`
clean_list	Boolean	`true`, `false`	No	`true`
custom_detection_list	Boolean	`true`, `false`	No	`true`
description	String	max: `255`	No
first_time_file_analysis	Boolean	`true`, `false`	No	`true`
inspect_archives	Boolean	`true`, `false`	No	`false`
max_archive_depth	Integer	min: `1`, max: `3`	No	`2`
threat_score	Choice	`DISABLED`, `MEDIUM`, `High`, `VERY_HIGH`	No	`DISABLED`
file_rules	List	`[file_rules]`	No

file_rules (fmc.domains.policies.file_policies)

Name	Type	Constraint	Mandatory
action	Choice	`DETECT`, `BLOCK_WITH_RESET`, `DETECT_MALWARE`, `BLOCK_MALWARE_WITH_RESET`	Yes
application_protocol	Choice	`ANY`, `HTTP`, `SMTP`, `IMAP`, `POP3`, `FTP`, `SMB`	Yes
direction_of_transfer	Choice	`ANY`, `UPLOAD`, `DOWNLOAD`	Yes
file_categories	List	String	No
file_types	List	String	No
store_files	Choice	`MALWARE`, `CUSTOM`, `CLEAN`, `UNKNOWN`	No

Examples

Prerequisites:

existing:
  fmc:
    domains:
      - name: Global
        objects:
          file_types:
            - name: PDF
          file_categories:
            - name: PDF files

File Policy:

fmc:
  domains:
    - name: Global
      policies:
        file_policies:
          - name: MyFilePolicyName1
            file_rules:
              - action: DETECT
                application_protocol: HTTP
                direction_of_transfer: DOWNLOAD
                file_categories:
                  - PDF files
              - action: DETECT
                application_protocol: HTTP
                direction_of_transfer: UPLOAD
                file_types:
                  - PDF