What likely happend is local analysis analyzed the file due to WildFire not having a verdict for the file hash, and that analysis didn't show any problems. When that file was later uploaded to WildFire the sandbox environment recognized malicious activity and labeled it as malware. Due to the file already being allowed to run, the only thing you'll get is a notification saying that it allowed this to run.
The good news is the hash is now known as malicious and it can't be run on any other device as long as they can check the hash verdict status with WildFire, so even though it allowed it on one machine it will block it going forward.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!