https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535621#M1889 <P>Hi All,<BR /><BR />Good day, Does anyone have a resolution for this? There are a lot of these generated.&nbsp;<BR />"Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection"<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mudvayne15_0-1679615555729.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48993i855D2CDD388679D8/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="mudvayne15_0-1679615555729.png" alt="mudvayne15_0-1679615555729.png" /></span><BR />Thank you</P> <P>&nbsp;</P> Thu, 23 Mar 2023 23:54:22 GMT mudvayne15 2023-03-23T23:54:22Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535621#M1889 <P>Hi All,<BR /><BR />Good day, Does anyone have a resolution for this? There are a lot of these generated.&nbsp;<BR />"Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection"<BR /><BR /></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mudvayne15_0-1679615555729.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48993i855D2CDD388679D8/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="mudvayne15_0-1679615555729.png" alt="mudvayne15_0-1679615555729.png" /></span><BR />Thank you</P> <P>&nbsp;</P> Thu, 23 Mar 2023 23:54:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535621#M1889 mudvayne15 2023-03-23T23:54:22Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535634#M1891 <P>I'd suggest to check if the traffic is legitimate. You may want to check the IP address &amp; the port number to see which application could be generating the traffic and also take a packet capture (if necessary) to understand the traffic better.</P> <P><BR />The "app override" would be one of the workarounds. Alternatively, if the IP address is fixed, an exception can be set in OBJECTS =&gt; Security Profiles =&gt; Anti-Spyware =&gt; Anti-Spyware Profile =&gt; Inline Cloud Analysis =&gt; Exclude from Inline Cloud Analysis =&gt; IP ADDRESS.</P> Fri, 24 Mar 2023 04:55:58 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535634#M1891 ymiyashita 2023-03-24T04:55:58Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535635#M1892 <P>Thanks for your input, I noticed the destination is already excluded from Inline Cloud analysis. I will also add the source destination since it mostly comes from a fixed IP address.&nbsp;</P> Fri, 24 Mar 2023 05:11:54 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/535635#M1892 mudvayne15 2023-03-24T05:11:54Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/541626#M1934 <P>Yes, a shortcoming of the documentation and what's posted here is which IP address should be added for an exclusion? Source? Destination?</P> <P>&nbsp;</P> Tue, 09 May 2023 22:35:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/inline-cloud-analyzed-unknown-tcp-command-and-control-traffic/m-p/541626#M1934 LCMember40912 2023-05-09T22:35:06Z