Question on Anti-Spyware DNS signatures

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Question on Anti-Spyware DNS signatures

L3 Networker

Hi,

as far as I understand Anti-Spyware profiles, the DNS options will find DNS lookups to known malware sites. How exactly does this work? Will the actual DNS lookup be blocked or will the client's access to the site be blocked?

Quote from the documentation:

Additionally, hosts that perform DNS queries for malware domains will appear in the botnet report. DNS signatures are downloaded as part of the antivirus updates.


What if hosts use an internal DNS server? That would result in only the DNS server showing up in the botnet report?


Thanks


1 accepted solution

Accepted Solutions

L6 Presenter

Hi...The default action is to alert(log) these DNS lookups.  You can configure the action for the DNS signature in the anti-spyware profile as seen:

Only the DNS query matching the DNS signature will be block. Other DNS query not matching will be allow through.

If all external DNS queries are performed by an internal DNS server, then yes the botnet report would show the source as the internal DNS server.  Thanks.

View solution in original post

2 REPLIES 2

L6 Presenter

Hi...The default action is to alert(log) these DNS lookups.  You can configure the action for the DNS signature in the anti-spyware profile as seen:

Only the DNS query matching the DNS signature will be block. Other DNS query not matching will be allow through.

If all external DNS queries are performed by an internal DNS server, then yes the botnet report would show the source as the internal DNS server.  Thanks.

thanks - much appreciated.

  • 1 accepted solution
  • 2897 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!