04-15-2019 07:13 AM
Hello,
Is there any way to turn off the following information after commit on 9.0.1 with Anti-Spyware Profile attached to Security Policy?
I can't delete Palo Alto Networks DNS Security option from Anti-Spyware Profile.
Warnings
Lukasz
05-13-2019 01:42 AM
Try delete it from CLI:
delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud
05-13-2019 01:42 AM
Try delete it from CLI:
delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud
05-13-2019 02:36 AM
I opened a case and it was escalated developers
05-29-2019 06:56 AM
Thank you, this works for me.
You can't delete it from the default anti-spyware profiles, so if you are using them the warning will appear everytime you commit.
I cloned both of them (default and strict). Then I delete that "default-paloalto-cloud" entry from these new profiles and to finish I ensured to change the defaults with the new ones in all the Profiles Groups, Security Policies, etc...
05-29-2019 07:17 AM
I got the confirmation from Engineering that it is expected not to be able to delete default DNS options from GUI. You can use CLI. Fix for the warnings during commit is targeted to be released on 9.0.4
06-06-2019 03:14 AM
I am trying to do this in Panoramma using the following command but get an error. The profile I am trying to delete it from is one I created and not a predefined one.
delete device-group [device-group] profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud
No object to delete in delete handler
06-06-2019 03:30 AM
Hi Rmarlow,
Is it possible that this object is in use? Or maybe shared?
Try cloning this object and deleting the profile "default-paloalto-cloud". If this works, it may be because the original object is referenced.
06-06-2019 03:40 AM
Thanks for the quick response.
Looking at it again this profile was located in shared so I needed to use the following.
delete shared profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud
Many Thanks
07-30-2019 12:04 AM
Hi Team
is it possible to share the command to delete the Antispyware profile
07-13-2021 12:30 PM
I ran into this issue when I upgraded some VM-500s to 10.0.6. I was able to clone the default spyware profile, which I named "default-no-dns-sec" Then I went into CLI and issued the following commands to delete DNS specific items.
delete shared profiles spyware default-no-dns-sec botnet-domains lists default-paloalto-dns
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-cc
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-ddns
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-grayware
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-malware
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-parked
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-phishing
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-proxy
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-recent
On this firewall I have not "production" traffic yet, so I was able to disable all policies. I enabled 1 with this new profile and pushed from Panorama. No issues with the commit and no more warning. All policies and/or Security Profile Groups will need to be updated to completely solve this.
I do have a TAC case open, so I am waiting for confirmation from TAC on this.
09-09-2021 03:06 AM
I think deleting the AntiSpyWare profile wouldn't be a great move. That will decrease your visibility. Try allowing an exception using the ID. You can do this from the Threat Monitor.
J
09-09-2021 05:09 AM
My comment above is only deleting the dns-sec from the profile, not removing the whole AntiSpyWare profile. I am still using all the other functions of the AntiSpyWare profile. Also my solution was confirmed to by TAC for a work around.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
