For details on cookie usage on our site, read our Privacy Policy
DNS Security
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-15-2019 07:13 AM
Hello,
Is there any way to turn off the following information after commit on 9.0.1 with Anti-Spyware Profile attached to Security Policy?
I can't delete Palo Alto Networks DNS Security option from Anti-Spyware Profile.
Warnings
- Warning: No Valid DNS Security License
- (Module: device)
Lukasz
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-13-2019 01:42 AM
Try delete it from CLI:
delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-13-2019 01:42 AM
Try delete it from CLI:
delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-13-2019 02:36 AM
I opened a case and it was escalated developers
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-29-2019 06:56 AM
Thank you, this works for me.
You can't delete it from the default anti-spyware profiles, so if you are using them the warning will appear everytime you commit.
I cloned both of them (default and strict). Then I delete that "default-paloalto-cloud" entry from these new profiles and to finish I ensured to change the defaults with the new ones in all the Profiles Groups, Security Policies, etc...
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-29-2019 07:17 AM
I got the confirmation from Engineering that it is expected not to be able to delete default DNS options from GUI. You can use CLI. Fix for the warnings during commit is targeted to be released on 9.0.4
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-06-2019 03:14 AM
I am trying to do this in Panoramma using the following command but get an error. The profile I am trying to delete it from is one I created and not a predefined one.
delete device-group [device-group] profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud
No object to delete in delete handler
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-06-2019 03:30 AM
Hi Rmarlow,
Is it possible that this object is in use? Or maybe shared?
Try cloning this object and deleting the profile "default-paloalto-cloud". If this works, it may be because the original object is referenced.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-06-2019 03:40 AM
Thanks for the quick response.
Looking at it again this profile was located in shared so I needed to use the following.
delete shared profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud
Many Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-30-2019 12:04 AM
Hi Team
is it possible to share the command to delete the Antispyware profile
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-13-2021 12:30 PM
I ran into this issue when I upgraded some VM-500s to 10.0.6. I was able to clone the default spyware profile, which I named "default-no-dns-sec" Then I went into CLI and issued the following commands to delete DNS specific items.
delete shared profiles spyware default-no-dns-sec botnet-domains lists default-paloalto-dns
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-cc
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-ddns
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-grayware
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-malware
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-parked
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-phishing
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-proxy
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-recent
On this firewall I have not "production" traffic yet, so I was able to disable all policies. I enabled 1 with this new profile and pushed from Panorama. No issues with the commit and no more warning. All policies and/or Security Profile Groups will need to be updated to completely solve this.
I do have a TAC case open, so I am waiting for confirmation from TAC on this.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-09-2021 03:06 AM
I think deleting the AntiSpyWare profile wouldn't be a great move. That will decrease your visibility. Try allowing an exception using the ID. You can do this from the Threat Monitor.
J
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-09-2021 05:09 AM
My comment above is only deleting the dns-sec from the profile, not removing the whole AntiSpyWare profile. I am still using all the other functions of the AntiSpyWare profile. Also my solution was confirmed to by TAC for a work around.
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
- Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked in Threat & Vulnerability Discussions
- Edit/add an asset in IOT Security without any fields in IoT Security Discussions
- Remove asset from iot security in IoT Security Discussions
- dns sinkhole rule in Threat & Vulnerability Discussions
- Blocking Scammer website (cryptocurrency) in Threat & Vulnerability Discussions
