generic:beerwineandcupcakes

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

generic:beerwineandcupcakes

L1 Bithead

Upgraded to PAN OS 5.0 last weekend, got home from the Ignite Conference and was looking through the Threat Logs and I see a bunch of entries for spyware based on DNS signatures (new feature in PAN OS 5.0).  Is there anyway to find out more information about this?  I know it says Generic in the name, so I'm guessing this is a broad category.  It would be nice if there was something similar to the Applipedia for these new DNS signatures.  Thanks for any suggestions, I am going to try and dig deeper into the the box that is throwing those log messages.

spware.jpg

3 REPLIES 3

L0 Member

I agree or at least a place to report false positives like generic:channahon.org which is a municipal site.  Perhaps in the past they hosted malware but I cant imagine it being continuously either way I have no way of knowing.

L4 Transporter

I struggle with this too. Hard to really determine what to look further into.

L4 Transporter

Ditto this.

Is there currently any explanation of what the 'Categories' mean e.g. difference between Generic and Trojan-Dropper (the two I've seen so far, though I know the latter at least is fairly obvious!).

It would also be nice to be able to split the policy and block some and not others (based on category etc).

Rgds

  • 2193 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!