How to remove a DNS Signature exception

How to remove a DNS Signature exception

679
Created On 07/08/25 12:49 PM - Last Modified 01/15/26 14:34 PM


Question


How do you remove a DNS signature exception (these exceptions are found in Objects tab > Antispyware > select the Antispyware profile > DNS Exceptions tab> under the DNS exceptions pane)? I do not see a way to do so from the firewall GUI:

Environment

Answer


At the time of this article, the only way to remove a DNS signature exception is through the firewall CLI:

  1. login to the firewall CLI
  2. Enter configure mode with the configure command
> configure
  1. Use the following command to delete the exception:
# delete profiles spyware <profile_name> botnet-domains threat-exception <Threat_ID>
    • Replace <profile_name> with the name of the profile that has the exception and <Threat_ID> with the ID you are removing.
    1. commit your changes with the commit command and exit.
    # commit
    # exit
    1. On firewall GUI, you can confirm the exception has now been removed:
    Other users also viewed:
    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fxp0KAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail