A file gets downloaded through PA, in WildFire submission logs I can see the action as "forward" as expected. After that action is "wildfire-upload-skip" that means the file has been seen by wildfire before and the verdict is "Malicius".
but wildfire action is alert even though I have set action and wildfire action as Reset-both in AV profile. Please suggest.
Initial thoughts would be the following
1) Make sure that the antivirus profile you are looking at is actually assigned to that rule, you would be amazed at how often that's the issue.
2) What is your utilization on this device. If it's high enough that WildFire identification is offloaded until the device can handle sending/determining the file then it's forms the possibility that it simply didn't recognize that it was a malicious file in time to actually stop the download. Considering that this is a flash file I'm assuming that it isn't very large.
Thanks for the Input.
I rechecked and found that I have correct anti-virus profile on the policy.
Utilization is very low.
I have an Anti-Spyware profile confiured and applied on the same policy where "severity Medium has action set as alert" , by any chance it can get affected by Antispyware profile?
Technically speaking I don't think you should have to mess with antispyware to get this to work...that being said I ran into the same issue a few months back on one of our units and after modifying the Anti-Spyware profile it started to work as I had intended so...
I would open an official TAC case on this. There is another recent similar report of wildfire not blocking previously seen malicious files. This may be a bug.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!