Hi everyone, we have a setup where IPS, AB, AV and TE are enabled. TE is enabled on a separate device and integrated into the gateway.
We have bypassed a password-protected file from Threat Emulation (TE). This behavior works fine when all blades are enabled (IPS, AB, AV, TE): there is no log for AV, and we can see a benign log for TE.
But when I disable TE, the same password-protected file is blocked by AV, and we can see the prevent logs for AV.
I want to understand how the threat prevention engine behaves when we enable all the blades. Is it bypassing AV?
If so, why is it bypassing it?
Why is the same file not inspected by AV when AV is enabled along with TE?