Unable to add a threat ID in DNS signatures Threat ID Exceptions

Unable to add a threat ID in DNS signatures Threat ID Exceptions

11968
Created On 09/26/18 13:44 PM - Last Modified 04/21/21 00:25 AM


Cause


There is a difference between general purpose Anti-Spyware signatures and domain name based Anti-Spyware DNS signatures.

Resolution


Issue

When trying to add a specific threat ID for DNS spyware related threat inside Objects > Security profiles > Anti-spyware > Profile > DNS signatures > Threat ID exceptions, you may get the following error:

 

Threat <ID#> must be a value in range 3800000-4999999 or 5800000-5999999

This threat ID range covers domain name based DNS signatures.

 

222.PNG

Error while trying to add for threat ID 14875 Poison DNS request traffic.

In this example, threat ID 14875 is a general purpose Anti-Spyware signature, not a domain name based Anti-Spyware DNS signature.

Resolution

Only threat IDs with value in ranges 3800000-4999999 or 5800000-5999999 can be added to threat ID exceptions under the DNS Signatures tab. For signature based Anti-Spyware signatures, the exception should be configured under the Exceptions tab.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmPCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language