https://live.paloaltonetworks.com/t5/general-topics/wildfire-logs-showing-allow-action-for-malicious-url/m-p/339793#M85315 <P>Two wildifire logs (16 July and 20 July )&nbsp; are showing for same url with malicious verdict and action is allow. We have checked wildfire report of both logs , all information is same (same hash value , first timestamp seen is 7 July etc. ).</P><P>If same url is identified in 7 July then why its showing in wildifre submission logs. Also why action is allow showing in second and third occurrence ?</P> Tue, 21 Jul 2020 06:03:56 GMT Deepak_K 2020-07-21T06:03:56Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-logs-showing-allow-action-for-malicious-url/m-p/339793#M85315 <P>Two wildifire logs (16 July and 20 July )&nbsp; are showing for same url with malicious verdict and action is allow. We have checked wildfire report of both logs , all information is same (same hash value , first timestamp seen is 7 July etc. ).</P><P>If same url is identified in 7 July then why its showing in wildifre submission logs. Also why action is allow showing in second and third occurrence ?</P> Tue, 21 Jul 2020 06:03:56 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-logs-showing-allow-action-for-malicious-url/m-p/339793#M85315 Deepak_K 2020-07-21T06:03:56Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-logs-showing-allow-action-for-malicious-url/m-p/341738#M85720 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62177">@Deepak_K</a>&nbsp;</P> <P>In what traffic did you see these logs? If it was in smtp traffic then this is expected behaviour. In smtp paloalto sees and forwards email-links to wildfire, but cannot take actions based on urls.</P> Sat, 01 Aug 2020 19:03:42 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-logs-showing-allow-action-for-malicious-url/m-p/341738#M85720 Remo 2020-08-01T19:03:42Z