Hi Meraki Community, On 2/28/18 we received the an IDS alert. Below is the screen shot of the alert from the Meraki security center. What I find very confusing is the Meraki has tagged this as malicious, however it allowed it. But then I called Meraki support, they stated that the firewall actually blocked it. They said the reason it shows allowed is they let a single packet through to scan, saw it was malicious, and then blocked the rest of the file. If that is the case, why not tag is as blocked on the dashboard? Then it gets weirder. Today we received an email alert stating the same file has gone from an unknown to malicious deposition. But Meraki support told me the first alert was known to be malicious and actually blocked (even though it reads allowed), so why am I now getting an alert stating as of today it's now malicious. Now if I go into security center here is what I see: My gut tells me the first alert on the 28th was not blocked, but actually allowed, and now the Meraki knows it was an actual threat. HOWEVER, if that is the case, why does the alert on the 28th state Malicious?
... View more