https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/212495#M325 <P>Hi Team,</P><P>&nbsp;</P><P>Have some queries regarding this.</P><P>&nbsp;</P><P>Since the Firewall didn't have the Threat id,&nbsp; the mail or the Traffic was allowed to pass through to the destination?</P><P>And the severity is high because we didn't have a Threat-id for it.</P><P>&nbsp;</P><P>And we see the verdict as malicious but the traffic action is allow.</P><P>This means the verdict was done by the Public cloud wildfire after the traffic which has been allowed.</P><P>&nbsp;</P> Tue, 01 May 2018 19:54:56 GMT sprasad 2018-05-01T19:54:56Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/197996#M188 <P>All 3 are using same antivirus profile.&nbsp; While the informational shows as block, high shows as allow. Its only for smtp that .exe&nbsp;files are&nbsp;set to be blocked. All is set to drop.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/13565iD74D2B0339D4DBA4/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Wed, 31 Jan 2018 19:12:47 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/197996#M188 raji_toor 2018-01-31T19:12:47Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/197998#M189 <P>Wildfire submissions with a corresponding action of "block" are considered to be informational severity alerts given that the threat was successfully blocked.&nbsp; You should see a corresponding Threat Log which logged the block for this file with either a threat type of "wildfire-virus" or "virus".</P> <P>&nbsp;</P> <P><SPAN>Wildfire submissions with a corresponding action of "allow" are considered to be&nbsp;high severity alerts given that the threat was allowed (i.e. no Threat ID existed at the time of detection to block the malicious file).&nbsp;</SPAN></P> Wed, 31 Jan 2018 19:17:11 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/197998#M189 bvandivier 2018-01-31T19:17:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/212495#M325 <P>Hi Team,</P><P>&nbsp;</P><P>Have some queries regarding this.</P><P>&nbsp;</P><P>Since the Firewall didn't have the Threat id,&nbsp; the mail or the Traffic was allowed to pass through to the destination?</P><P>And the severity is high because we didn't have a Threat-id for it.</P><P>&nbsp;</P><P>And we see the verdict as malicious but the traffic action is allow.</P><P>This means the verdict was done by the Public cloud wildfire after the traffic which has been allowed.</P><P>&nbsp;</P> Tue, 01 May 2018 19:54:56 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/212495#M325 sprasad 2018-05-01T19:54:56Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/212699#M326 <P>Yes. To&nbsp;the one question.&nbsp;And I confirm your statements. That's correct.</P> Wed, 02 May 2018 17:02:09 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/212699#M326 mivaldi 2018-05-02T17:02:09Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/229422#M393 <P>Hello everyone!</P><P>&nbsp;</P><P>How can I block traffic until the verdict of Wildfire? Is there a way to do it?</P><P>&nbsp;</P><P>Regards.</P> Tue, 04 Sep 2018 18:18:32 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/wildfire-block-confusion/m-p/229422#M393 diegostny 2018-09-04T18:18:32Z