- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AV:
Go to Security Profiles > AntiVirus and change the radiobutton below ☑ Detect Connections to Botnet C&C Servers from Monitor to Block, hit Apply
Application Control:
Go to Security Profiles > Application Control, click the Botnet Category and select Block, hit Apply
Make sure that the Security Profile is active on your internal to wan policy. Either one should work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Either one should work.Actually, the two work on different aspects of botnets.
The botnet C&C IP address blacklist is distributed and updated via the AV engine. This is a simple but effective address filter with near to no impact on CPU.
The AppCtrl signature checks for botnet activity which is not necessarily traffic to the C&C servers.
As such, CPU or CP load is a bit higher.
Both methods should be used at any installation as they complement each other.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Done ...