<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Wildfire query in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5739#M4195</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;How long does WildFire take to analyze malicious behavior?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Mon, 22 Jul 2013 10:30:43 GMT</pubDate>
    <dc:creator>TSPI</dc:creator>
    <dc:date>2013-07-22T10:30:43Z</dc:date>
    <item>
      <title>Wildfire query</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5739#M4195</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;How long does WildFire take to analyze malicious behavior?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 22 Jul 2013 10:30:43 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5739#M4195</guid>
      <dc:creator>TSPI</dc:creator>
      <dc:date>2013-07-22T10:30:43Z</dc:date>
    </item>
    <item>
      <title>Re: Wildfire query</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5740#M4196</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;For example, WildFire detects unusual behavior in an application and then sends something to the WildFire cloud. If the client has a subscription for 30-to-60-minute updates, how long does it take WildFire to send a patch for that application to the end user? Or, I mean, how long does the WildFire cloud take to evaluate the application as malware or a threat?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 22 Jul 2013 14:28:34 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5740#M4196</guid>
      <dc:creator>TSPI</dc:creator>
      <dc:date>2013-07-22T14:28:34Z</dc:date>
    </item>
    <item>
      <title>Re: Wildfire query</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5741#M4197</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;With a WildFire subscription on OS-5.0, WildFire updates can be delivered to all WildFire subscribers within one hour.&lt;/P&gt;&lt;P&gt;To verify, navigate to Device&amp;gt;Dynamic Updates and check the Release Date timestamp&amp;nbsp; for WildFire in the WebUI.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 22 Jul 2013 15:05:44 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5741#M4197</guid>
      <dc:creator>UhMayYeah</dc:creator>
      <dc:date>2013-07-22T15:05:44Z</dc:date>
    </item>
    <item>
      <title>Re: Wildfire query</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5742#M4198</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;In that case, the moment Palo Alto detects some unusual behavior or a suspicious file, it sends data&amp;nbsp; to the WildFire cloud. The client then just waits 30 to 60 minutes for Palo Alto to deliver the updates and new signatures, no matter how difficult those signatures are to create. Is that correct?&lt;/P&gt;&lt;P&gt;&lt;BR /&gt; &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 23 Jul 2013 02:11:07 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5742#M4198</guid>
      <dc:creator>TSPI</dc:creator>
      <dc:date>2013-07-23T02:11:07Z</dc:date>
    </item>
    <item>
      <title>Re: Wildfire query</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5743#M4199</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;The PA unit doesn't do any analysis on its own.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;You set up firewall rules specifying which traffic (files) is sent to WildFire for analysis (allow-and-forward).&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you have a WF-500 appliance, the files never leave your datacenter (compared to the cloud-based WildFire, where the files are sent into some Amazon EC2 cloud setup), except that when malware is detected, the malware file is forwarded to Palo Alto so a signature will be created.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Once the files have been sent, the first check (unfortunately) is whether the binary is signed by a trusted CA or not - if it is signed, it won't be checked (I hope this will change in the future, looking at cases such as Stuxnet and Flame, which used real CA certs from Realtek (among others) to sign their malware). The same goes if the file has already been investigated previously.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Once it has been checked, and if it is identified as malware, the signature for this file will be available within one hour for those with a WildFire subscription - the rest will have to wait for the weekly update of the threat DB to get the same signature.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 23 Jul 2013 20:00:49 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/wildfire-query/m-p/5743#M4199</guid>
      <dc:creator>mikand</dc:creator>
      <dc:date>2013-07-23T20:00:49Z</dc:date>
    </item>
  </channel>
</rss>

