10-05-2025 06:52 PM
While Studying PCNSE and the topic is
I notice that the anti virus profile was not able to block the eicar.com file that keith barker downloaded on the FW.
He created a decryption policy in order to block that file.
On our FW on office we don't use decryption services because it is a CPU memory intensive. Although we have a Cisco Umbrella use by security team to block files.
i'm curious on our FW if someone downloaded a file that contains a virus, does our AV profile, Anti Spyware, Anti Malware and vulnerability protection will act the same as the FW of keith did?
Please let me know if you have any suggestions.
10-06-2025 04:54 AM
eicar is a test file that is explicitly excluded from scanning so it wont be blocked
if you don't have decryption enabled, you'll also not be able to see 99% of all internet activity's payload so wont be able to block malware
10-06-2025 05:28 PM
Hi Reaper,
we have AV profile, Anti Spyware, Anti Malware and vulnerability protection. On our FW on office we don't use decryption services because it is a CPU memory intensive. Although we have a Cisco Umbrella use by security team to block files.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
