04-30-2013 01:38 AM
Hello,
on the cli show command I see under "XX Anti spyware" profile the botnet-domains policy but I'm not able to find it on GUI under object-securityprofiles -> antispyware.
Where botnet-domain behavior is configured on GUI ?
thank's .. here below the Cli output:
spyware {
"XX Anti Spyware" {
rules {
simple-critical {
severity critical;
packet-capture no;
threat-name any;
category any;
action {
alert;
}
}
simple-high {
severity high;
packet-capture no;
threat-name any;
category any;
action {
alert;
}
}
simple-medium {
severity medium;
packet-capture no;
threat-name any;
category any;
action {
alert;
}
}
simple-low {
severity low;
packet-capture no;
threat-name any;
category any;
action {
alert;
}
}
}
threat-exception {
12652 {
action {
allow;
}
}
20000 {
action {
allow;
}
}
}
botnet-domains {
packet-capture no;
action {
alert;
}
}
}
04-30-2013 10:09 AM
This is found under the DNS Signatures tab of the Anti-Spyware Profile:
You can configure the action and whether or not to take a packet capture.
Note that the default two profiles, "default" and "strict" cannot be modified. You will have to create a new one as you have done to modify this setting.
Hope this helps!
Greg Wesson
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
