This article will explain how to check blocked IPs and how to check false-positives for anti-malwares and IP reputation filter (URL Threat Filter & DNS Threat Filter). 

Check Threats via Threat Intelligence

You can check viruses via our Threat Intelligence website

https://threatintelligence.zyxel.com/malware

Read more here: 

Threat Intelligence - Search Database for Viruses/Hashs/Malware/URLs/Signatures

1) Anti-Malware

For Anti-Malware, please navigate to 

Monitor -> Security Statistics -> Anti-Malware

Make sure that the "collect statistics" is enabled, otherwise, the firewall won't record any viruses detected.

1.1 For False-Positives

If you are not sure if this is a false-positive or not, please contact Zyxel Support.

However, if you know that the file is secure and you want to allow it, you can do so by navigating to

Configuration -> Security Service -> Anti-Malware -> Block/Allow List

Then you can add the signature of that false-positive.

2) IP Reputation Filter

This section will talk about blocked IPs and how you should handle them.

For Reputation Filter, please navigate to 

Monitor -> Security Statistics -> Reputation Filter

Make sure that the "collect statistics" is enabled, otherwise, the firewall won't record any URLs detected.

2.1 Verify the IPs detected

Our devices use the database of Webroot for it's IP Reputation filter.
You can verify the result of our device here:
https://www.brightcloud.com/tools/url-ip-lookup.php

2.2 Prevent certain IPs of getting blocked

First you should verify the result of our device with other IP Reputation services like Cyren, Cisco, Trendmicro, Symantec or Proofpoint. When they all are the same opinion, that the IP is clean, then you can add the IP to the whitelist without fear, that it could still cause harm to your network.

You can find the white list under the following path:

Configuration -> Security Service -> Reputation Filter -> IP Reputation -> White List

You can only add IPs to the white list. It's not possible to add URLs or FQDNs.