Multiple Threat/Spyware Alerts for Palo Alto Test URLs

Created On 10/27/22 19:40 PM - Last Modified 11/13/25 00:05 AM


Symptom


  • These alerts are generated in the Threat logs when the Palo Alto malware test URLs are configured as a source address in a security policy.
  • If the addresses are configured in the policy, traffic to these URLs is generated from the management IP of the firewall.


Environment


  • All PAN-OS
  • Threat Prevention 
  • DNS Security


Cause


  • The alerts are caused by the URLs configured in the security policy.

[Image: URL object called in the policy]

[Image: Security policy]

[Image: Threat alerts seen]


Resolution


We can stop these alerts only by disabling/removing the security policy from the firewall.

Additional Information


  • The Palo Alto test URLs are taken from step 5 of the article below:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/dns-security/enable-dns-security

