generic:beerwineandcupcakes

L1 Bithead


Upgraded to PAN OS 5.0 last weekend, got home from the Ignite Conference and was looking through the Threat Logs and I see a bunch of entries for spyware based on DNS signatures (new feature in PAN OS 5.0). Is there any way to find out more information about this? I know it says Generic in the name, so I'm guessing this is a broad category. It would be nice if there was something similar to the Applipedia for these new DNS signatures. Thanks for any suggestions, I am going to try and dig deeper into the box that is throwing those log messages.

L0 Member

Re: generic:beerwineandcupcakes

I agree, or at least a place to report false positives like generic:channahon.org, which is a municipal site. Perhaps in the past they hosted malware, but I can't imagine it being continuous; either way, I have no way of knowing.

L4 Transporter

Re: generic:beerwineandcupcakes

I struggle with this too. Hard to really determine what to look further into.

L4 Transporter

Re: generic:beerwineandcupcakes

Ditto this.

Is there currently any explanation of what the 'Categories' mean e.g. difference between Generic and Trojan-Dropper (the two I've seen so far, though I know the latter at least is fairly obvious!).

It would also be nice to be able to split the policy and block some and not others (based on category etc).

Rgds
