FMC – AMP Malware Inspection

KB ID 0001159 

Problem

If you take a look in your SourceFire dashboard, and there is no data shown on the malware threat section like so;

Solution

The message is pretty descriptive, and it’s telling you exactly what you need to do. Now I’m making the assumption that you have added a valid AMP / Malware licence like so;

Policies > Access Control > Edit your access control policy > Then Edit the file policy.

Add in “Block Malware with Reset”.

You can test the rule is applying correctly by trying to download the eicar test infected files;

Then after a short time, you should start to see the malware threats window start to show some data.

Related Articles, References, Credits, or External Links

NA