06-01-2013 06:27 AM
Hi,
as far as I understand Anti-Spyware profiles, the DNS options will find DNS lookups to known malware sites. How exactly does this work? Will the actual DNS lookup be blocked or will the client's access to the site be blocked?
Quote from the documentation:
Additionally, hosts that perform DNS queries for malware domains will appear in the botnet report. DNS signatures are downloaded as part of the antivirus updates.
What if hosts use an internal DNS server? That would result in only the DNS server showing up in the botnet report?
Thanks
06-02-2013 08:41 AM
Hi... The default action is to alert (log) these DNS lookups. You can configure the action for the DNS signature in the anti-spyware profile as seen:
Only the DNS query matching the DNS signature will be blocked. Other DNS queries not matching will be allowed through.
If all external DNS queries are performed by an internal DNS server, then yes the botnet report would show the source as the internal DNS server. Thanks.
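When the report shows only the internal DNS server as the source, the originating client has to be recovered from that server's own query log. The following is an added example, not part of the original posts or of any vendor tooling: it joins firewall alerts to resolver queries by domain and time. Both log layouts, the IP addresses and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical "time ip domain" layout
# (not a real product's log format).
# Firewall alerts: the source is the internal DNS server, not the client.
FIREWALL_ALERTS = """\
2013-06-02T08:40:05 10.0.0.53 bad-domain.example
2013-06-02T08:45:30 10.0.0.53 other-bad.example
"""
# Internal DNS server query log: the source is the real client.
RESOLVER_QUERIES = """\
2013-06-02T08:40:04 10.0.1.17 bad-domain.example
2013-06-02T08:40:04 10.0.1.22 www.example.org
2013-06-02T08:41:10 10.0.1.30 bad-domain.example
2013-06-02T08:45:29 10.0.1.17 Other-Bad.example.
2013-06-02T08:20:00 10.0.1.99 other-bad.example
"""

def parse(text):
    """Parse 'time ip domain' lines; normalise case and the trailing dot."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, domain = line.split()
            rows.append((datetime.fromisoformat(ts), ip,
                         domain.lower().rstrip(".")))
    return rows

def attribute_clients(alerts_text, queries_text, resolver_ip, window_seconds=5):
    """For each alert sourced from the resolver, list the clients that asked
    the resolver for the same domain within the window before the alert."""
    window = timedelta(seconds=window_seconds)
    queries = parse(queries_text)
    results = []
    for alert_time, src, domain in parse(alerts_text):
        if src != resolver_ip:
            continue  # alert already names the real client
        clients = sorted({ip for q_time, ip, q_dom in queries
                          if q_dom == domain
                          and timedelta(0) <= alert_time - q_time <= window})
        results.append((alert_time.isoformat(), domain, clients))
    return results

if __name__ == "__main__":
    for row in attribute_clients(FIREWALL_ALERTS, RESOLVER_QUERIES, "10.0.0.53"):
        print(row)
```

Clients answered from the resolver's cache produce no forwarded query, so a search of the resolver log for the same domain outside the window (10.0.1.30 and 10.0.1.99 in the sample) is still worth doing.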