Exception for DNS signature which is showing the ID as 0 and FQDN as unknow

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exception for DNS signature which is showing the ID as 0 and FQDN as unknow

L2 Linker

Getting false positive for the Link tivoli.com.qa as threat name(68360795).Its getting DNS sinkholing.Can anyone help to know how we  give the exception only for the threat ID 68360795 and the Fqdn is tivoli.com.qa. Attached screenshots below


DNS-Sinkholing-tivoli.pngAntispyware Policy-tivoli.png


Accepted Solutions

Did you check the threat vault connectivity from PA devices.

Test connectivity to the Threat Vault using:
> test threat-vault connection 


or you can check it from System logs.





View solution in original post


L2 Linker

The firewall which am using shows an the signature's name as unknown signature and FQDN as showing as unknown-fqdn

Hello @CyberEye 


This seems to be a signature due to DNS security. Can you post the detailed threat logs so I can confirm?

Also, this signature is been replaced that means it is not included in the current release, you should not have any issue with this signature.




Himani Singh

Hi @hisingh 


Yes the signature due to DNS security.The firewall which am using all the signatures are currently showing as unknown signature and Unknown fqdn. Attached screenshot belowDNS_Sig.png

Same i checked another firewall which is having same AV nd APT versions. Am also trying to give an exception for 68360795 but which also showing as unknown in my FW.



Please share the detailed threat logs,  you have shared the spyware security profile -> threat exception. I am looking for monitor->threat logs-> detailed view.

Also, this signature is replaced so you will have no issue within it.

Finally, please check this: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPdBCAW&lang=en_US%E2%80%A...




Himani Singh
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!