As part of the PAN-OS 10.0 release, Palo Alto Networks is adding a new DNS Security category for Grayware.
ACTION: There is no action required at this time. The Grayware category will be set to “block” as a default action.
What is Grayware?
Palo Alto Networks defines Grayware as websites that do not pose a direct security threat but display other obtrusive behavior and tempt the end user to grant remote access or perform unauthorized actions.
The Grayware category will now include websites whose content pertains to scam, illegal activities, criminal activities, and get rich quick sites, as well as adware, and other unwanted or unsolicited applications, such as embedded crypto miners or hijackers that change the elements of the browser. Additionally the Grayware category will include 'typosquatting' domains that are not defined as phishing or defensive squatting.
When will the Grayware category be available in DNS Security?
The Grayware category is available as part of the PAN-OS 10.0 release. The content update will be available the week of August 4th, and the cloud service will begin publishing verdicts by the end of August. The default action will be set to 'Block' under the anti-spyware profile. On PAN-OS 9.0 and 9.1 releases, Grayware category support will not be available. For categories supported in those PAN-OS releases, please refer to the following documentation on DNS Security.
DNS security will prevent access to known Grayware Fully Qualified Domain Names. For comprehensive coverage, we recommend our URL filtering service that looks into a complete URL for categorization.
Does Palo Alto Networks have a test domain for the new Grayware category?