Gateway Anti-Virus (GAV) Signatures to block DNSChanger
03/26/2020 34 11973
DESCRIPTION: Gateway Anti-Virus (GAV) Signatures to block DNSChanger
DNSChanger is a malware that changes the DNS server addresses of a computer and replaces them with rogue DNS servers. These rogue DNS servers may divert traffic to illegal or potentially unsafe websites. The infection occurs when an executable file is downloaded either from other infected computers or from infected sites.
Gateway Anti-Virus (GAV) Signatures to block DNSChanger:
To ensure SonicWall GAV has signatures for this malware and has been enabled for blocking, perform the following steps:
Login to the SonicWall management GUI
Navigate to the Security Services > Gateway Anti-Virus page.
Enable check box under Enable Gateway Anti-Virus and click on Accept at the top.
Click on the Update button under Signature Database Timestamp
Under Lookup Signatures Containing String, enter keyword DNSChanger and click on the edit button.
The following signatures will be listed. Make sure the check box under Enable is enabled.
Enable Gateway Anti-Virus (GAV) on Zones:
Navigate to the Network > Zones page
Click on configure on the required zones viz. LAN, WAN, DMZ etc.
Enable check box under Enable Gateway Anti-Virus Service