We have recently configured NG Firewall F280 Rev.B.
I can see some on my internal IP's are listed in Threat Scan.
Some them are also fully compliance in term of WINDOWS UPDATE/PATCH MANAGEMENT and AV and no unauthorized software but they are still in list.
However users on these machine IP use internet for different purpose which may be the reason for being in list.
Now i don't under stand what should i do against these Machine however machines are fully PATCH and fully compliance.
As far my information these THREAD can be FALSE POSITIVE and may be the web site they are visiting have some vulnerability which stops by firewall and indicate on THREAT list also come here.
please help me in this regard.