Results 1 to 1 of 1
  1. #1
    Join Date
    Mar 2020

    Default Rules not evaluating properly after latest 3-19-20 release

    When I set threat prevention rules they seem to be applying as "OR" statements, instead of "AND". I created this rule:


    This is my All Web Events report after enabling that rule:


    As you can see it allowed a High Risk IP through with port 80 being the only matching part.

    This is my Blocked Web Events while the rule is active:


    And this is what it looks like with the rule off:


    The only successful workaround I've been able to come up with is only adding the Source IP Address to a Pass rule in threat prevention. I would like these rules to apply as they should as I don't want to open every port for each IP Address "pass". Just the port I want them to access. Anything else you need from me please let me know.
    Last edited by awarren; 03-30-2020 at 10:39 AM. Reason: formatting

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

SEO by vBSEO 3.6.0 PL2