Encrypted-DNS False Positive Heads Up

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Encrypted-DNS False Positive Heads Up

Cyber Elite
Cyber Elite

Presently 20230406.20033 and earlier updates are presenting a large number of false positive categorizations for encrypted-dns. This includes several domains from Bitwarden, YouTube, Google, Microsoft, Spotify, and many many others. If you have encrypted-dns set to block you may get reports of many services not functioning properly.

6 REPLIES 6

L3 Networker

Any updates on a resolution for this?    

Cyber Elite
Cyber Elite

@securehops,

This is said to be addressed, however someone of the domains falsely categorized last night are still being corrected and reported. If you haven't done so already and you're affected by this, ensure that you've cleared the cache on your firewall to verify that you have the current categorizations. I've listed the command below.

I've sent three updates with a handful of domains still as of this morning that needed to be corrected, but the majority appear to be categorized properly now.

 

clear url-cache all

Thansk @BPry.  I'm also still seeing some of the domains being categorized as Encrypted DNS  (based of the Test A Site url).   Do you have an official link where this says it was addressed?   I opened a priority ticket last night but still waiting on a response.

Cyber Elite
Cyber Elite

@securehops,

I don't have any acknowledgement that it was addressed officially by PAN outside of an update I have on a TAC ticket earlier this morning. A lot of the false positives that I gave as examples were addressed earlier this morning, but not everything. It looks like they attempted to clear things up but more minor domains may need to be individually reported. 

Thanks @BPry , wanted to make sure I didn't miss something official!

L2 Linker

Looks like the issue is solved to me as of ~9PM of 12th April (CEST time).

Check out my Palo Alto blog! https://www.buymeacoffee.com/emyl79
  • 2518 Views
  • 6 replies
  • 3 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!