Operational Defect Database

BugZero found this defect 2516 days ago.

WatchGuard Technologies | kA10H000000g3brSAA

TDR policy does not remediate a rescored indicator if the incident score does not change

Last update date:

6/29/2017

Affected products:

TDR

Affected releases:

All

TDR

Fixed releases:

All

Description:

Issue

In a specific set of circumstances, when an indicator is rescored by the Malware Verification Service (MVS), a TDR policy does not take the configured remediation action. This can happen if an indicator is rescored by MVS after a new TDR policy is added and the rescored indicator does not change the overall incident score for the host.

Example scenario for this issue:

1. A Host Sensor reports an indicator initially scored at 3 based on heuristics.
2. MVS rescores the indicator to 8. There is no configured TDR policy to automatically remediate the threat.
3. A TDR policy is added to remediate indicators with a score of 8 or higher. The new policy does not apply to the existing indicator.
4. The Host Sensor on the same host reports a new indicator initially scored at 3 based on heuristics.
5. MVS rescores the indicator to 8.
6. The configured TDR policy does not take action to remediate the indicator because the incident score for the host is unchanged.
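The example scenario can be replayed against a small model to show why triggering remediation on a change in the host incident score misses the second indicator, and how to list indicators left at or above the policy threshold with no action taken. This is an added illustration, not WatchGuard code: the `Engine` class, the indicator IDs, and the assumption that a host's incident score is its highest indicator score are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    indicators: dict = field(default_factory=dict)  # indicator id -> current score
    remediated: set = field(default_factory=set)

    def incident_score(self):
        # Assumption: the host incident score is the highest indicator score.
        return max(self.indicators.values(), default=0)

class Engine:
    """Toy policy engine. per_indicator=False models the reported behaviour."""
    def __init__(self, per_indicator):
        self.per_indicator = per_indicator
        self.threshold = None  # no remediation policy configured yet
        self.host = Host()

    def add_policy(self, threshold):
        # As the page states, a new policy is not applied to existing indicators.
        self.threshold = threshold

    def score(self, indicator_id, score):
        before = self.host.incident_score()
        self.host.indicators[indicator_id] = score
        after = self.host.incident_score()
        if self.threshold is None or score < self.threshold:
            return
        # Reported behaviour: act only when the incident score changed.
        # Per-indicator evaluation acts whenever the indicator meets the policy.
        if self.per_indicator or after != before:
            self.host.remediated.add(indicator_id)

def replay(per_indicator):
    # Constructed event sequence following the example scenario above.
    e = Engine(per_indicator)
    e.score("ind-1", 3)   # Host Sensor heuristics
    e.score("ind-1", 8)   # MVS rescoring, no policy yet
    e.add_policy(8)       # remediate indicators scored 8 or higher
    e.score("ind-2", 3)   # new indicator on the same host
    e.score("ind-2", 8)   # MVS rescoring, incident score stays at 8
    return e

def unremediated(engine):
    # Audit check: indicators meeting the policy threshold with no action taken.
    if engine.threshold is None:
        return []
    h = engine.host
    return sorted(i for i, s in h.indicators.items()
                  if s >= engine.threshold and i not in h.remediated)

if __name__ == "__main__":
    for mode in (False, True):
        e = replay(mode)
        print("per_indicator =", mode, "| remediated:", sorted(e.host.remediated),
              "| still open:", unremediated(e))
```

In both modes the first indicator stays open because the policy was added after it was rescored, so a check like `unremediated` is worth running after any new policy is added.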

Status

Resolved