Cannot change action for special Threat ID

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Cannot change action for special Threat ID

L0 Member

On our 5410 with PANOS 10.2.7-h3 installed I can see a lot of threats with ID 89953 (Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection), severity = high, default action = alert.

I want to change the default action via Anti-Spyware-Profile > Inline Cloud Analysis, but it's not possible for this special threat.

Any idea how to change this?


Thx in advance



L4 Transporter

You arent able to change the predefined security profiles if youre trying to change it from there. You would have to clone the profile and edit it there.


The threat ID is for this entirely, if you wanted to disable this you could set the action to alert. However, down below if where you can set specific exceptions for the threat. 




L0 Member

Sure, I've always been using a custom profile and all actions within "Inline Cloud Analysis" are set to "reset-both".


Cloud analysis.JPG


What I've found out in the meantime:

In some rare cases threat IDs within the range 89950-89953 are blocked.

No idea why...

And I still want to block all those threats.



Just to clarify, are you wanting to block or allow threat IDs 89950-89953? While I dont have much of this traffic being flagged in my environment, its possible that this operates similar to Wildfire, and it initially alerts/allows the traffic before the cloud comes back and says no for future connections.

  • 3 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!