Dear all, I currently have a generic rule which blocks netbios-like traffic to and from the internet with a simple deny. As this traffic is very likely to be malware generated (at least in my context), I have enabled a simple alert-only antivirus profile on that rule, but I don't get any entries in the threat logs. On the other hand, when I turn the rule to accept instead of deny, the threat logs are filled with virus alerts. So, does the deny have precedence over the antivirus profile, discarding the packet before it has a chance to be analysed? If so, what can I do to achieve what I described? Thanks a lot.