https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239308#M459 <P>we were able to resolve the issue. turns out the USER ID was coming across with only part of the domain name and the policy was set for the full domain name. There for, my traffic was never meeting the criteria for the policy and fell into the explicit deny.&nbsp;</P> Fri, 09 Nov 2018 16:52:29 GMT wrollins 2018-11-09T16:52:29Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/238791#M455 <P>im trying to allow hotmail. i have created a policy to allow hotmail. when going to the web site "mail.live.com" action is "allowed" however the session is ended because "threat"&nbsp; i cant quite find why and/or where hotmail application is being catagorized as a threat. any help? thanks</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HOTMAIL.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17454iB4E4A18D12E2DF99/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="HOTMAIL.png" alt="HOTMAIL.png" /></span></P> Tue, 06 Nov 2018 23:48:34 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/238791#M455 wrollins 2018-11-06T23:48:34Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239141#M457 <P>Hello,</P><P>Click on the paper and magnifying glass icon on the far left of the lost. It'll bring up more details and there you should be able to see in the middel as to what it found and why it was blocked.</P><P>&nbsp;</P><P>Hope that helps.</P> Thu, 08 Nov 2018 19:46:39 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239141#M457 OtakarKlier 2018-11-08T19:46:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239308#M459 <P>we were able to resolve the issue. turns out the USER ID was coming across with only part of the domain name and the policy was set for the full domain name. There for, my traffic was never meeting the criteria for the policy and fell into the explicit deny.&nbsp;</P> Fri, 09 Nov 2018 16:52:29 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239308#M459 wrollins 2018-11-09T16:52:29Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239312#M460 <P>That was. thank you!</P> Fri, 09 Nov 2018 16:53:55 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/239312#M460 wrollins 2018-11-09T16:53:55Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/280687#M616 <P>Hi,</P><P>&nbsp;</P><P>I can not agree with you explanation, since if the user is not matching then it's going the deny rule at the end is fine. But here it's identified as a 'threat'. So should be blocked by URL Filtering. But if it is also not.. That's the issue. I'm also facing same issue. Traffic is dentified as a threat in traffic log. But URL Filtering action is allowed.</P> Fri, 02 Aug 2019 06:09:59 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/hotmail-session-end-reason-quot-threat-quot/m-p/280687#M616 MaheshCrypto 2019-08-02T06:09:59Z