https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578969#M2748 <P>I would like to validate if the below monitored traffic on our internal firewall is service-affecting.&nbsp; How can we address this dropped traffic?</P> <P>How can we cleanup these alerts?&nbsp;&nbsp;The same alert is shown on another FW 3430.&nbsp; Is it a normal behavior of firewall management IP to send DNS query?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 01 Mar 2024 06:34:21 GMT Ryan_Volante 2024-03-01T06:34:21Z https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578969#M2748 <P>I would like to validate if the below monitored traffic on our internal firewall is service-affecting.&nbsp; How can we address this dropped traffic?</P> <P>How can we cleanup these alerts?&nbsp;&nbsp;The same alert is shown on another FW 3430.&nbsp; Is it a normal behavior of firewall management IP to send DNS query?</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 01 Mar 2024 06:34:21 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578969#M2748 Ryan_Volante 2024-03-01T06:34:21Z https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578972#M2749 <P>You can configure DNS Sink holing to find out which actual IP Address generating this Spyware traffic, Based on that you can scan your device.&nbsp;</P> <P>&nbsp;</P> <P>Use the below document to configure DNS Sink holing.&nbsp;<BR /><BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0</A></P> Fri, 01 Mar 2024 06:50:44 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578972#M2749 suba_muthuram 2024-03-01T06:50:44Z https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578975#M2750 <P>Once we get to identify the IP address generating this spyware traffic, what will be the best approach to do next? And does it mean that this IP address is infected by a virus(spyware) or something?</P> Fri, 01 Mar 2024 07:09:47 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578975#M2750 Ryan_Volante 2024-03-01T07:09:47Z https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578999#M2751 <P>yes, There could be a possibility, the best approach is scan the host with an Antivirus software and verify is there any specific application has infected.&nbsp;</P> Fri, 01 Mar 2024 10:43:42 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/spyware-threat-alerts/m-p/578999#M2751 suba_muthuram 2024-03-01T10:43:42Z