192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 Matched a rule, stop deferring trust
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 allow action
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 app event with client no change, service changed, payload no change, referred no change, misc no change, url no change, tls host no change, bits 0x4
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 Starting with minimum 20, 'Geo In', and SrcZone first with zones 1 -> 4, geo 0 -> 0, vlan 0, src sgt: 0, src sgt type: unknown, dst sgt: 0, dst sgt type: unknown, svc -1, payload 4665, client 0, misc 0, user 9999997
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 20, 'Geo In', src network, GEO, FQDN
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 21, 'Geo Out', dst network, GEO, FQDN
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 22, 'EXP Public', DstZone
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 23, 'ICMP', IPProto
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 24, 'Blocked Categories', no host
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 25, 'Blocked URLs', no host
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 26, 'Blocked Apps', app s=-1 c=0 p=4665 m=0
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 27, 'Agent Office', src network, GEO, FQDN
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 28, 'RDG SRV8', DstPort
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 29, 'SMTP', DstPort
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 30, 'Exchange Client', DstPort
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 31, 'SRV4', DstPort
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 no match rule order 32, 'File Rule', no host
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 match rule order 34, 'Default Outbound', action Allow
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 allow action
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 File policy verdict is Type, Malware, and Capture
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 File type verdict Reject, fileAction Block, flags 0x3500, and type action Reject for type 21 of instance 1313728486
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 File type event for file named Users\diego\Desktop\IISCrypto.exe with disposition type and action Block
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 Archive childs been processed No
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 Resume block
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 Deleting Firewall session
192.168.1.14 50055 -> 192.168.10.26 445 6 AS=0 ID=1 GR=1-1 Generating an EOF event