5506-X here - polices were working fine, then stopped. I see in the real-time log viewer the SFR module is working - I see "SFR requested to drop TCP..." but the ASA is ignoring that and allowing the traffic. Tried the usual reboots, etc.
I have a single service rule policy for any traffic and the rule action is enable firepower, close traffic if sfr fails, and enable monitor only is NOT enabled.
It's behaving like we are in monitoring only mode but for file monitoring only... Nothing is being blocked despite the SFR module tagging packets to drop. Other policies to drop traffic do seem to work. Only real change was the upgrade to the 5.4.1.2-23 build of the Cisco sensor.