I have a question regarding addition of exceptions to a Threat Prevention policy on perimeter gateways.
Few servers are running DNS queries to external honeypot site and not all of them are getting prevented by Anti-Bot, Few logs show "Detect" too.
I would like to write an exception on TP policy and set the action to "Prevent", I want to try it to eliminate the possibility of any false negatives. (Refer to the attached image for the exception rule that I wanted to try)
My question is : Is it normal to write TP exceptions and set action to prevent ?