https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63392#M38156 <P>1. What is the action for other decoders than smtp?</P><P><EM>Action: all block; WildFire Action: all&nbsp;block</EM></P><P>&nbsp;</P><P>2. The policy to which the AV profile is applied. Does it process other kind of traffic?</P><P><EM>no diffrent AV profile is&nbsp;used between other rules. but the policy&nbsp;for smtp only allow smtp (app-default)&nbsp;traffic.</EM></P><P>&nbsp;</P><P>3. If it does, do the other traffic actually carry any threat data?&nbsp;</P><P><EM>threat data on other policies are there (except wildfire-virus)</EM></P><P>&nbsp;</P><P>4. Do you have any exceptions applied under applications tab in the screenshot above?</P><P><EM>nope</EM></P> Thu, 20 Aug 2015 13:32:56 GMT Hithead 2015-08-20T13:32:56Z https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63337#M38125 <P>Hi all,</P><P>&nbsp;</P><P>just wondering why I see in our threat logs entries with the type&nbsp;wildfire-virus only for the application smtp...</P><P>&nbsp;</P><P>(I would&nbsp;like to post some&nbsp;screenshots, but&nbsp;I cant find the upload button?)</P><P>&nbsp;</P><P>&nbsp;What is the type wildfire-virus standing for? And where can I enable it for other applications as well?</P> Wed, 19 Aug 2015 14:26:03 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63337#M38125 Hithead 2015-08-19T14:26:03Z https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63387#M38153 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/2357">@Hithead</a>,</P><P>&nbsp;</P><P><SPAN>wildfire-virus is a subtype used for wildfire signatures delivered using wildfire signature database, to differentiate from regular anti-virus signatures.&nbsp;</SPAN></P><P><SPAN>In short,</SPAN></P><P><SPAN>AV signatures are identified using subtype virus.</SPAN></P><P><SPAN>Wildfire signatures are identified using subtype wildfire-virus.</SPAN></P><P>&nbsp;</P><P><SPAN>Hope this helps.</SPAN></P><P>&nbsp;</P><P><SPAN>Thank You.</SPAN></P><P>&nbsp;</P> Thu, 20 Aug 2015 12:14:12 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63387#M38153 prb 2015-08-20T12:14:12Z https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63388#M38154 <P>thank you very much vor your response.</P><P>&nbsp;</P><P>But I'm still wondering, why I see wildfire-virus logs&nbsp;only in combination with smtp... I guess wildfire-virus should also track and identify threats on other protocols/applications as well...</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 20 Aug 2015 12:24:22 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63388#M38154 Hithead 2015-08-20T12:24:22Z https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63390#M38155 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/2357">@Hithead</a></P><P>&nbsp;</P><P>Sure it should inspect traffic from other decoders as well.<IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10i7D71E7F0FB5087FE/image-size/original?v=mpbl-1&amp;px=-1" border="0" alt="wildfire.JPG" title="wildfire.JPG" /></P><P>&nbsp;</P><P>Wildfire action is set using the highlighted column in anti-virus profile.</P><P>&nbsp;</P><P>You might need to check lot of other factors -</P><P>1. What is the action for other decoders than smtp?</P><P>2. The policy to which the AV profile is applied. Does it process other kind of traffic?</P><P>3. If it does, do the other traffic actually carry any threat data?&nbsp;</P><P>4. Do you have any exceptions applied under applications tab in the screenshot above?</P><P>Etc.</P><P>&nbsp;</P><P>Thank You.</P> Thu, 20 Aug 2015 12:47:50 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63390#M38155 prb 2015-08-20T12:47:50Z https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63392#M38156 <P>1. What is the action for other decoders than smtp?</P><P><EM>Action: all block; WildFire Action: all&nbsp;block</EM></P><P>&nbsp;</P><P>2. The policy to which the AV profile is applied. Does it process other kind of traffic?</P><P><EM>no diffrent AV profile is&nbsp;used between other rules. but the policy&nbsp;for smtp only allow smtp (app-default)&nbsp;traffic.</EM></P><P>&nbsp;</P><P>3. If it does, do the other traffic actually carry any threat data?&nbsp;</P><P><EM>threat data on other policies are there (except wildfire-virus)</EM></P><P>&nbsp;</P><P>4. Do you have any exceptions applied under applications tab in the screenshot above?</P><P><EM>nope</EM></P> Thu, 20 Aug 2015 13:32:56 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/m-p/63392#M38156 Hithead 2015-08-20T13:32:56Z