This should not be so difficult.

Yes, I do see ACCEPT on the violation.

 

 

After I process to enter the value into the email textbox, I see an error/log for it in the Report section and also in the Policy Building Manual section.

 

 

After I process to enter the value "jroot@morrison.com", I go to Policy Building Manual. I click Attack Signature Staging. I see the SQL-INJ ROOT@ in the Signature Name column. I click the arrow to show the parameters. I see the email parameter with the value Disable in the Action column. I click on the number (now 41) in the Recent Incidents column of the email parameter and the Dialog Window opens. I click to go to the last page and click the last error in the Dialog Window since it is the most recent per the date/time stamp in the error. I then click the ACCEPT button.

 

 

I then see the Automatic Policy Building Configuration written at the top. I see at the top that the Policy Building Is Running for a minute or two. Then I see at the top The Policy Builder Is Not Running. So I see what you mean when you wrote about how briefly the Automatic Policy Builder runs.

 

 

I wait ten minutes or so though and I do not see a RED M.

 

 

Anyway, when I process again ten or fifteen minutes later, I get another error (the same error).

 

 

All along though, from the very beginning, the email parameter has this Attack Sig disabled. So what am I accepting when I click ACCEPT button considering that the error should not have been generated in the first place since I had disabled this Attack Signature for this email parameter? Clicking ACCEPT on each generated error and waiting until after the Automatic Policy Building runs briefly does not help as I keep getting the error every time I process.

 

 

Thanks much though for your help. I have created a Case Number C530401 about this issue.