I am seeing a lot of traffic to IPs generating alarms as a security risk (malware). But when I look at these IPs in any online reputation service, the ones I’ve checked are coming back fine (Talos, spamalytics, etc.) and that includes within 30 minutes of the alarm.
How does Firewalla make the determination to flag the IP as malware? I do have Strict mode enabled, but that doesn’t tell me why (or how) Firewalla determined an IP to be associated with malware. Especially when I can’t corroborate the results with independent data.