AnsweredAssumed Answered

Detect in Log and Prevent in Report. How can it be?

Question asked by Evgeniy Olkov on Nov 12, 2018
Latest reply on Nov 18, 2018 by Evgeniy Olkov

Hello. I need some help with Threat Emulation. Our customer have a couple of incidents with virus prevention.

A virus file can pass check point with detect in logs:

Matched Rules:

Rules:

Severity - Critical, Confidence Level - High. Threat Prevention profile:

At the same time if we open summury report we see Prevent:

What is wrong? Antivirus does not blok this file too.

Outcomes