To create a malware and file policy on a Cisco Secure Firewall Threat Defense (FTD) device that

ensures PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics, the security

engineer must configure local malware analysis. Local malware analysis allows the FTD to inspect

and analyze files locally without sending them to the cloud-based Cisco Secure Malware Analytics.

Steps to configure local malware analysis:

In FMC, navigate to Policies > Access Control > Malware & File Policies.

Create a new malware and file policy or edit an existing one.

Define rules to inspect specific file types, ensuring that PDF, DOCX, and XLSX files are handled locally.

Set the action for these file types to "Local Analysis."

Apply the policy to the relevant access control policy.

This configuration ensures that the specified file types are analyzed locally, meeting the requirement

to avoid sending them to Cisco Secure Malware Analytics.

Reference: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Malware and

File Policies