There is a difference between general purpose Anti-Spyware signatures and domain name based Anti-Spyware DNS signatures.
Resolution
Issue
When trying to add a specific threat ID for DNS spyware related threat inside Objects > Security profiles > Anti-spyware > Profile > DNS signatures > Threat ID exceptions, you may get the following error:
Threat <ID#> must be a value in range 3800000-4999999 or 5800000-5999999
This threat ID range covers domain name based DNS signatures.
Error while trying to add for threat ID 14875 Poison DNS request traffic.
In this example, threat ID 14875 is a general purpose Anti-Spyware signature, not a domain name based Anti-Spyware DNS signature.
Resolution
Only threat IDs with value in ranges 3800000-4999999 or 5800000-5999999 can be added to threat ID exceptions under the DNS Signatures tab. For signature based Anti-Spyware signatures, the exception should be configured under the Exceptions tab.