It looks like it is still waiting 72h before clearing in 9.203-3.
I have a client that has an isolated subnet connected to one of the UTM eth ports just for the purpose of servicing PC computers for their customers. Every few days they detect some kind of ATP threat, because in most cases the computers were broken not because of hardware but because of software and infection problems.
The same UTM is also used for their production LAN on another eth port, so the ATP status on the Dashboard is always in the "Red Alert" state, which usually confuses them.