Patrick Burm wrote: >>Update, upon further review, I "Think" that once another rule has got >>them blocked, further legitimate traffic shows up as a probe. So it >>may have worked as advertised. I think both of these offices have a >>virus that is causing too many undeliverables to themselves, and >>therefore tripped the other issue, and only then did the "probes" >>start happening.
Patrick, you're exactly right. Once a "blockable" offense occurs in BlackICE--and there are not many--then while the IP is blocked every attempt to access the server whether legitimate or not will be logged in one way or another . While the IP is still blocked, if you're interested in more detail in the UI, you can go into the Advanced Firewall Settings screen to see exactly when the block began (and then look in the Events list to find the event that caused the block at that time). Also if you add the column to the Events view called Parameter(s), you will be able to see in that column which logged events BlackICE had firewalled (it will say "reason=Firewalled"). To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
