We are seeing some IPS logs that display "No_protection_5c852822be90f306" in the Threat Profile field (image "No_protection" attached).
The IPS blade is enabled on the gateway, and when we check the protection that was identified in this log the action fields say "more details", instead of letting us change the default action for a specific profile, which means we're talking about a core protection. We then have to access the protection page and change the action from within it.
Does anyone know why this might be happening?