KirillEPM
Explorer

DNS Reputation Generic.TC.kmcpxf


Good day! Please tell me how I can block requests of this kind?
Thanks.


Screenshot_2.jpg
Screenshot_3.jpg

 

1 Solution

Accepted Solutions
Chris_Atkinson
Employee

Such a message usually implies that Anti-bot has blocked the communication. You should review the SK referenced and search for log entries with the trap IP to correlate/verify.

In R81 and above we changed the logging action in such instances to indicate traffic was blocked.

8 Replies
_Val_
Admin

It is on Detect because confidence level is Low. Go to DNS reputation protection and change action from Detect to Protect. Mind, with confidence Low you will get some false positives.

KirillEPM
Explorer

Did I understand correctly that the actions need to be performed here?

Screenshot_4.jpg

_Val_
Admin

Yes. The action is per profile. DO NOT change the three default profiles, create a new one based on one you are currently using, change there, and then re-apply the new profile to your Security Gateway. 

Chris_Atkinson
Employee

Under "Forensic Details" what does the expanded Description field say?

KirillEPM
Explorer

It says here:

Screenshot_5.jpg

 

Chris_Atkinson
Employee

I think this isn't the correct screenshot. I was referring to the "Log Details" screen above.

KirillEPM
Explorer

Screenshot_6.jpg
