https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/262546#M568 <P>I got the confirmation from Engineering that it is expected not to be able to delete default DNS options from GUI. You can use CLI. Fix for the warnings during commit is targeted to be released on 9.0.4</P> Wed, 29 May 2019 14:17:39 GMT lcelinski 2019-05-29T14:17:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/257619#M542 <P>Hello,</P><P>Is there any way to turn off the following information after commit on 9.0.1 with&nbsp;<SPAN>Anti-Spyware Profile attached to Security Policy?</SPAN></P><P><SPAN>I can't delete Palo Alto Networks DNS Security option from&nbsp;Anti-Spyware Profile.</SPAN></P><P>&nbsp;</P><P><STRONG>Warnings</STRONG></P><DIV class="x-form-element"><DIV class=" x-form-display-field"><UL><LI>Warning: No Valid DNS Security License</LI><LI>(Module: device)</LI></UL><P>&nbsp;</P><P>Lukasz</P></DIV></DIV> Mon, 15 Apr 2019 14:13:54 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/257619#M542 lcelinski 2019-04-15T14:13:54Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/260679#M546 <P>Try delete it from CLI:</P> <P>&nbsp;</P> <P class="p1">delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud&nbsp;</P> <P class="p1">&nbsp;</P> <P class="p1">&nbsp;</P> Mon, 13 May 2019 08:42:48 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/260679#M546 Retired Member 2019-05-13T08:42:48Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/260683#M547 <P>I opened a case and it was escalated&nbsp;developers</P> Mon, 13 May 2019 09:36:15 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/260683#M547 lcelinski 2019-05-13T09:36:15Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/262545#M567 <P>Thank you, this works for me.</P><P>&nbsp;</P><P>You can't delete it from the default anti-spyware profiles, so if you are using them the warning will appear everytime you commit.</P><P>I cloned both of them (default and strict). Then I delete that "default-paloalto-cloud" entry from these new profiles and to finish I ensured to change the defaults with the new ones in all the Profiles Groups, Security Policies, etc...</P> Wed, 29 May 2019 13:56:53 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/262545#M567 aritzposada 2019-05-29T13:56:53Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/262546#M568 <P>I got the confirmation from Engineering that it is expected not to be able to delete default DNS options from GUI. You can use CLI. Fix for the warnings during commit is targeted to be released on 9.0.4</P> Wed, 29 May 2019 14:17:39 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/262546#M568 lcelinski 2019-05-29T14:17:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/267285#M574 <P>I am trying to do this in Panoramma using the following command but get an error. The profile I am trying to delete it from is one I created and not a predefined one.</P><P>&nbsp;</P><P>delete device-group [device-group] profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud</P><P>&nbsp;</P><P>No object to delete in delete handler</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 06 Jun 2019 10:14:20 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/267285#M574 rmarlow 2019-06-06T10:14:20Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/267286#M575 <P>Hi Rmarlow,</P><P>&nbsp;</P><P>Is it possible that this object is in use? Or maybe shared?<BR />Try cloning this object and deleting the profile "default-paloalto-cloud". If this works, it may be because the original object is referenced.</P> Thu, 06 Jun 2019 10:30:12 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/267286#M575 aritzposada 2019-06-06T10:30:12Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/267287#M576 <P>Thanks for the quick response.</P><P>&nbsp;</P><P>Looking at it again this profile was located in shared so I needed to use the following.</P><P>&nbsp;</P><P>delete shared profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud</P><P>&nbsp;</P><P>Many Thanks</P> Thu, 06 Jun 2019 10:40:34 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/267287#M576 rmarlow 2019-06-06T10:40:34Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/279927#M615 <P>Hi Team&nbsp;</P><P>&nbsp;</P><P>is it possible to share the command to delete the Antispyware profile&nbsp; &nbsp;</P> Tue, 30 Jul 2019 07:04:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/279927#M615 HemanthV 2019-07-30T07:04:22Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/419100#M1228 <P>I ran into this issue when I upgraded some VM-500s to 10.0.6.&nbsp; I was able to clone the default spyware profile, which I named "default-no-dns-sec"&nbsp; Then I went into CLI and issued the following commands to delete DNS specific items.</P><P>delete shared profiles spyware default-no-dns-sec botnet-domains lists default-paloalto-dns<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-cc<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-ddns<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-grayware<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-malware<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-parked<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-phishing<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-proxy<BR />delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-recent</P><P>&nbsp;</P><P>On this firewall I have not "production" traffic yet, so I was able to disable all policies.&nbsp; I enabled 1 with this new profile and pushed from Panorama.&nbsp; No issues with the commit and no more warning.&nbsp; All policies and/or Security Profile Groups will need to be updated to completely solve this.</P><P>I do have a TAC case open, so I am waiting for confirmation from TAC on this.</P> Tue, 13 Jul 2021 19:30:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/419100#M1228 jesseivens 2021-07-13T19:30:22Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/432768#M1310 <P>I think deleting the AntiSpyWare profile wouldn't be a great move. That will decrease your visibility. Try allowing an exception using the ID. You can do this from the Threat Monitor.</P><P>&nbsp;</P><P>J</P> Thu, 09 Sep 2021 10:06:08 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/432768#M1310 Kryptonite 2021-09-09T10:06:08Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/432790#M1311 <P>My comment above is only deleting the dns-sec from the profile, not removing the whole AntiSpyWare profile.&nbsp; I am still using all the other functions of the AntiSpyWare profile.&nbsp; Also my solution was confirmed to by TAC for a work around.</P> Thu, 09 Sep 2021 12:09:47 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/dns-security/m-p/432790#M1311 jesseivens 2021-09-09T12:09:47Z