UPDATE: I found our issue: the vendor that originally configured this device had not cloned the Anti-spyware profile; as such, it was read-only. Once the profile was cloned, an exception could be created.

We are seeing the same activity for a different domain. The threat notification is: Suspicious DNS Query (generic:rfenkq.com) Threat ID: 4045717. The source is our internal DNS; the targets are OpenDNS, which we use for DNS filtering, and the Google DNS servers 220.127.116.11 and 18.104.22.168.

Other than our creating a policy for this, is there a way to exempt this traffic? We are unable to exempt it via known methods (click on link, add IPs) as the Exempt Profiles column is blank and the 'Ok' button is never enabled to save the exemption. When listing all of the threats for the security profiles, #4045717 is not in any list (and our patterns are up to date).