Hello, we have configured the Antimalware policy to block malware, but when we do an antimalware test download from the site below, it gives an option to save the file in Internet Explorer; the antimalware is not blocking. It should not give an option to save.
The rule looks correct. I would suggest checking the connection events first to find which rule the traffic is hitting on the Firepower.
Check Analysis > Events > Connections and the table view of connections, and search for your test client IP.
See if it actually hits the AMPPOLICY rule or not.
If it hits that, then please make sure you download the test malware using an HTTP connection and not HTTPS.
HTTPS requires SSL decryption. You can also create a test rule to block something (like a URL or IP) to check if it actually works. If it's an ASA with SFR module, check if the module (service-policy) is configured in inline mode or passive (monitor-only).
Hope it helps,
The config is in inline mode, as below:
match access-list sfr_redirect
policy-map type inspect dns preset_dns_map
message-length maximum client auto
message-length maximum 512
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
Config seems correct from ASA redirection point of view. Please check the firewall-engine-debug from CLI or connection events and find which rule the traffic hits.
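The inline versus passive (monitor-only) check discussed in this thread can be run against a saved running-config. The script below is an added example, not code from any poster or from Cisco; the sample configurations are constructed, and it assumes the standard ASA `sfr {fail-open | fail-close} [monitor-only]` redirect syntax under a policy-map class.

```python
import re

# Constructed sample ASA running-config fragments (not taken from the thread).
INLINE_CFG = """\
access-list sfr_redirect extended permit ip any any
class-map sfr
 match access-list sfr_redirect
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
 class sfr
  sfr fail-open
service-policy global_policy global
"""
PASSIVE_CFG = INLINE_CFG.replace("sfr fail-open", "sfr fail-open monitor-only")

SFR_RE = re.compile(r"^sfr (fail-open|fail-close)( monitor-only)?$")

def sfr_redirect_modes(config):
    """Return [(policy_map, class_name, failure_mode, mode)] for each sfr action."""
    results, policy, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level command resets context
            policy, cls = None, None
            if line.startswith("policy-map ") and " type " not in line:
                policy = line.split()[1]     # skip inspect-type policy-maps
            continue
        if policy and line.startswith("class "):
            cls = line.split()[1]
            continue
        m = SFR_RE.match(line)
        if policy and cls and m:
            # monitor-only sends a copy of traffic: the module cannot block
            mode = "passive (monitor-only)" if m.group(2) else "inline"
            results.append((policy, cls, m.group(1), mode))
    return results

def applied_policies(config):
    """Policy-maps attached with service-policy (global or per-interface)."""
    return {l.split()[1] for l in config.splitlines() if l.startswith("service-policy ")}

if __name__ == "__main__":
    for name, cfg in (("inline sample", INLINE_CFG), ("passive sample", PASSIVE_CFG)):
        for pm, cls, fail, mode in sfr_redirect_modes(cfg):
            state = "applied" if pm in applied_policies(cfg) else "NOT applied"
            print(f"{name}: policy-map {pm} ({state}) class {cls}: {fail}, {mode}")
```

A redirect reported as passive, or a policy-map that is not attached by any `service-policy` line, means the module will log the file but cannot stop the download.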