01-11-2024 02:11 AM - edited 01-11-2024 02:18 AM
Hi
I have Advanced Wildfire in our Lab env and have noticed something very odd, when the firewall is submitting any files to Wildfire if they are returning "informational" they are blocked, if they are returning Malicious and "High" the action is allow, this has also been confirmed by the fact that the samples of Malware are being blocked by the Windows defender running on the test desktop.
I have configured decryption and allowed the forwarding of decrypted traffic ( I assume that the submissions would not show if this was not working correctly ) and have confirmed that the traffic is running across the defined rule and that rule has the Wildfire and Anti-virus profiles that are set to reset everything, this is very strange behavior and I am hoping that it is an omission in my configuration somewhere.
Additionally this does not seem to matter if the session is http or http2
Any help would be greatly received as this has me scratching my head at the moment.
Thank you in advance,
02-04-2024 02:36 PM
Hello @laurence64 - are you in a position to share your profile and policy configurations?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
