This will give support more data to work with for a solution.
Thanks for posting the information and tracking the issue for the rest of us.
This issue was handled by our internal managed support team, escalated to me for assistance and then escalated to PAN with a case opened. I provided them JayD 's Case ID for that very tracking capability. I'm trying to retrieve our PAN Case ID now so it can be listed here.
The WF signature database on the devices don't have all signatures. So if your file is malicious that indicates a file was inspected by WF and with hash check your firewalls knows this verdict.
But to block the file it needs to have a signature in the WF database on your device. If the algorithm to select signatures being in the WF database not selected the signature for your file, your device will not be able to block it.
If the file is triggered the WF algorithm will select the file again to be in the WF database that is pushed towards the devices in one of the next updates. Then you will see it gets blocked.
That is how it works in fact, of course a bug is also possible :smileyhappy:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!