https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173418#M54584 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/45418">@Farzana</a>,</P><P>Something to keep in mind as well is that most documents that I see from SMTP has to be sent to wildfire and the verdict has to come after it's been analyzed; so dropping it on the fly doesn't really work that well and might not be advisable depending on your companies tolerance to any false positive emails being unrecoverable.&nbsp;&nbsp;</P> Mon, 28 Aug 2017 14:04:55 GMT BPry 2017-08-28T14:04:55Z https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173401#M54581 <P>&nbsp;</P><P>Hello,</P><P>&nbsp;</P><P><SPAN>An email attachment has been classified by Wildfire as malicious. However, it was not blocked and just an alert was logged.</SPAN><BR /><BR /><SPAN>Below are two&nbsp;screenshots from the Wildfire submission and threat logs.</SPAN></P><P><BR /><SPAN>Any idea why has the Vulnerability Protection classified this threat as medium even though WildFire classified this file as malicious? How to make sure it is blocked?</SPAN></P><P>&nbsp;</P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Log.jpg" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10937i13674A9ADD072D16/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Log.jpg" alt="Log.jpg" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Wildfire.jpg" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10938iAE40FA26F89F3EF2/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Wildfire.jpg" alt="Wildfire.jpg" /></span></SPAN></P><P><SPAN>Thanks in advance.</SPAN></P> Mon, 28 Aug 2017 09:56:27 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173401#M54581 Farzana 2017-08-28T09:56:27Z https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173404#M54583 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/45418">@Farzana</a>,</P> <P>&nbsp;</P> <P>I'm guessing you don't have your device&nbsp;configured to drop this.</P> <P>&nbsp;</P> <P>The default WildFire action for the SMTP decoder is&nbsp;alert :</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="default action for smtp decoder is alert" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10939iA9AB66C6D696F39B/image-size/large?v=v2&amp;px=999" role="button" title="2017-08-28_12-15-57.jpg" alt="default action for smtp decoder is alert" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">default action for smtp decoder is alert</span></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also, this article might be useful :</P> <P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Enable-WildFire-to-Block-File-with-malicious-Verdict/ta-p/54376" target="_blank">How-to-Enable-WildFire-to-Block-File-with-malicious-Verdict</A></P> <P>&nbsp;</P> <P>Hope this helps !</P> <P>-Kiwi.</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 28 Aug 2017 10:18:31 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173404#M54583 kiwi 2017-08-28T10:18:31Z https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173418#M54584 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/45418">@Farzana</a>,</P><P>Something to keep in mind as well is that most documents that I see from SMTP has to be sent to wildfire and the verdict has to come after it's been analyzed; so dropping it on the fly doesn't really work that well and might not be advisable depending on your companies tolerance to any false positive emails being unrecoverable.&nbsp;&nbsp;</P> Mon, 28 Aug 2017 14:04:55 GMT https://live.paloaltonetworks.com/t5/general-topics/malicious-file-not-getting-blocked/m-p/173418#M54584 BPry 2017-08-28T14:04:55Z