About Network Malware Protection and File Policies

To detect and block malware, use file policies. You can also use file policies to detect and control traffic by file type.

Advanced Malware Protection (AMP) for Firepower can detect, capture, track, analyze, log, and optionally block the transmission of malware in network traffic. In the Secure Firewall Management Center web interface, this feature is called malware defense, formerly called AMP for Firepower. Advanced Malware Protection identifies malware using managed devices deployed inline and threat data from the Cisco cloud.

You associate file policies with access control rules that handle network traffic as part of your overall access control configuration.

When the system detects malware on your network, it generates file and malware events. To analyze file and malware event data, see the File/Malware Events and Network File Trajectory chapter in the Cisco Secure Firewall Management Center Administration Guide .