Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
madunix
New Contributor

Zeus

How yo block Zeus?

3 REPLIES 3
gschmitt
Valued Contributor

AV:

Go to Security Profiles > AntiVirus and change the radiobutton below ☑ Detect Connections to Botnet C&C Servers from Monitor to Block, hit Apply

 

Application Control:

Go to Security Profiles > Application Control, click the Botnet Category and select Block, hit Apply

 

Make sure that the Security Profile is active on your internal to wan policy. Either one should work.

ede_pfau

Either one should work.
Actually, the two work on different aspects of botnets.

 

The botnet C&C IP address blacklist is distributed and updated via the AV engine. This is a simple but effective address filter with near to no impact on CPU.

The AppCtrl signature checks for botnet activity which is not necessarily traffic to the C&C servers.

As such, CPU or CP load is a bit higher.

 

Both methods should be used at any installation as they complement each other.

 

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
madunix

Done ... 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors