Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

L4 Transporter

Hi

I have Advanced Wildfire in our lab env and have noticed something very odd: when the firewall submits any files to Wildfire, if they return "informational" they are blocked, but if they return Malicious and "High" the action is allow. This has also been confirmed by the fact that the samples of malware are being blocked by the Windows Defender running on the test desktop.

I have configured decryption and allowed the forwarding of decrypted traffic (I assume that the submissions would not show if this was not working correctly), and have confirmed that the traffic is running across the defined rule and that the rule has the Wildfire and Anti-Virus profiles that are set to reset everything. This is very strange behavior and I am hoping that it is an omission in my configuration somewhere.

Additionally, this does not seem to matter whether the session is HTTP or HTTP/2.

Any help would be greatly received, as this has me scratching my head at the moment.

Thank you in advance,

PCCSA PCNSA PCNSE PCSAE
Mode44 LTD Palo Alto Consultants