https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/503260#M105406 <P>Is it possible that all that host traffic is being sinkholed due to quarantine actions?&nbsp;</P><P>&nbsp;</P><P>I checked, indeed that site is categorized as low-risk &amp; computer/internet info, so unless you are explicitly sinkhole-ing low-risk sites, this should not be the case.&nbsp;</P><P>&nbsp;</P><P>Low sev TAC threat case?</P> Tue, 14 Jun 2022 00:46:09 GMT LAYER_8 2022-06-14T00:46:09Z https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/503184#M105402 <P>This host is flagged as suspicious domain and getting resolved to sinkhole.paloaltonetworks.com.&nbsp; This is a legit host name using for Microsoft certificates.&nbsp; Looking for a way to restore correct resolution.</P><P>&nbsp;</P><P>C:\&gt;nslookup cdp1.public-trust.com</P><P><BR />Name: sinkhole.paloaltonetworks.com<BR />Address: 72.5.65.111<BR />Aliases: cdp1.public-trust.com</P><P>Thanks</P> Mon, 13 Jun 2022 16:31:14 GMT https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/503184#M105402 DonJarmon 2022-06-13T16:31:14Z https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/503260#M105406 <P>Is it possible that all that host traffic is being sinkholed due to quarantine actions?&nbsp;</P><P>&nbsp;</P><P>I checked, indeed that site is categorized as low-risk &amp; computer/internet info, so unless you are explicitly sinkhole-ing low-risk sites, this should not be the case.&nbsp;</P><P>&nbsp;</P><P>Low sev TAC threat case?</P> Tue, 14 Jun 2022 00:46:09 GMT https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/503260#M105406 LAYER_8 2022-06-14T00:46:09Z https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/504056#M105474 <P>I found the stray entry in an External Dynamic List (EDL) feed and was able to exclude entry until list provider was able to correct.</P> Thu, 16 Jun 2022 04:01:53 GMT https://live.paloaltonetworks.com/t5/general-topics/sinkhole-exclusion/m-p/504056#M105474 DonJarmon 2022-06-16T04:01:53Z