Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

laurence64 — Thu, 11 Jan 2024 10:18:20 GMT

I have Advanced Wildfire in our Lab env and have noticed something very odd, when the firewall is submitting any files to Wildfire if they are returning "informational" they are blocked, if they are returning Malicious and "High" the action is allow, this has also been confirmed by the fact that the samples of Malware are being blocked by the Windows defender running on the test desktop.

I have configured decryption and allowed the forwarding of decrypted traffic ( I assume that the submissions would not show if this was not working correctly ) and have confirmed that the traffic is running across the defined rule and that rule has the Wildfire and Anti-virus profiles that are set to reset everything, this is very strange behavior and I am hoping that it is an omission in my configuration somewhere.

Additionally this does not seem to matter if the session is http or http2

Any help would be greatly received as this has me scratching my head at the moment.

Thank you in advance,

Re: Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

iarobertson — Sun, 04 Feb 2024 22:36:46 GMT

Hello @laurence64 - are you in a position to share your profile and policy configurations?

topic Re: Advanced Wildfire Allowing High Severity Verdicts but blocking Informational in Next-Generation Firewall Discussions

Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

Re: Advanced Wildfire Allowing High Severity Verdicts but blocking Informational