Malware DNS Trap protection in R81 and higher generates "Prevent" logs
Symptoms
  • When the Malware DNS Trap is activated in the Threat Prevention profile (this is the default):

    • Security Gateways R80.40 and lower generate this log:

      Blade - Anti-Virus

      Action - Detect

      Description - DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information.

      Protection Type - DNS Reputation

    • Security Gateways R81 and higher generate this log:

      Blade - Anti-Virus

      Action - Prevent

      Description - DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information.

      Protection Type - DNS Reputation

Cause

Because the Malware DNS Trap actually prevents the malicious DNS requests, the action in the log record was changed from "Detect" to "Prevent" on Security Gateways starting from R81.


Solution

No fix is required. This behavior is by design.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
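
A log query or SIEM rule that filters on Action alone treats the two log variants above differently even though the gateway did the same thing. The following is an added example, not Check Point code: it identifies DNS trap hits by Blade, Protection Type and Description so that records from both version ranges are counted alike. The " | "-separated line layout, the "Origin" field and the gateway names are assumptions constructed for this example.

```python
from collections import Counter

# Description text and protection type exactly as shown in this article.
TRAP_DESCRIPTION = "DNS response was replaced with a DNS trap bogus IP"
TRAP_PROTECTION_TYPE = "DNS Reputation"

# Constructed sample records. The "Field - value" pairs joined by " | " are an
# assumed layout for this example, not a Check Point export format; the
# "Origin" field and the gateway names are hypothetical.
SAMPLE_LOGS = """\
Origin - gw-r8040 | Blade - Anti-Virus | Action - Detect | Description - DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information. | Protection Type - DNS Reputation
Origin - gw-r81 | Blade - Anti-Virus | Action - Prevent | Description - DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information. | Protection Type - DNS Reputation
Origin - gw-r81 | Blade - Anti-Virus | Action - Detect | Description - Constructed non-trap detection. | Protection Type - Signature
Origin - gw-r8040 | Blade - Firewall | Action - Accept
"""

def parse_record(line):
    """Split one constructed log line into a {field: value} dict."""
    record = {}
    for pair in line.split(" | "):
        key, sep, value = pair.partition(" - ")
        if sep:
            record[key.strip()] = value.strip()
    return record

def is_dns_trap(record):
    """True when the record is a Malware DNS Trap hit, whatever its Action."""
    return (record.get("Blade") == "Anti-Virus"
            and record.get("Protection Type") == TRAP_PROTECTION_TYPE
            and record.get("Description", "").startswith(TRAP_DESCRIPTION)
            and record.get("Action") in ("Detect", "Prevent"))

def normalize(record):
    """Add a version-independent field so R80.40 and R81 hits count alike."""
    out = dict(record)
    out["dns_trap_replaced"] = is_dns_trap(record)
    return out

def trap_hits_by_origin(text):
    """Count DNS trap hits per gateway across both log variants."""
    records = (normalize(parse_record(l)) for l in text.splitlines() if l.strip())
    return Counter(r["Origin"] for r in records if r["dns_trap_replaced"])

if __name__ == "__main__":
    print(trap_hits_by_origin(SAMPLE_LOGS))
```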
