Threat name in NSM SaaS/NSM On-Prem/Analytics

Description

At times, the firewall will drop certain packets marked as “threat name” that do not have defined threat names associated with them. This is expected and the name will get an assigned number such as “Virus-60363”.

Cause

There may be a discrepancy between what is seen in Analytics and in the firewall as one may show as a randomly assigned number such as “Virus-60363”  in a report within your analytics server and on the firewall it may just show differently for GAV ID.

 

Resolution

This is due to our Cloud GAV service blocking that packet. With there being millions of signatures, we do not have names mapped for all of them. It will only show as ID only.

This behavior is to be expected.

Image

Related Articles

  • How to Set On-Prem NSM to Safemode - for version 3.1.1 and prior
    Read More
  • How do I associate the devices with NSM from MySonicWall.com portal?
    Read More
  • NSM On-Prem: Backups over SCP to Windows OpenSSH Server
    Read More

Categories

Management and Reporting
Network Security Manager
Management and Reporting
On-Prem Analytics
not finding your answers?
Ask the Community
Chat