https://live.paloaltonetworks.com/t5/general-topics/wildfire-testing/m-p/163170#M52856 <P><SPAN>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62286">@Alex_Samad</a></SPAN></P><P>&nbsp;</P><P><SPAN>The Wildfire PE test file is only to proof that the firewall is able to identify unknown hashes and forward it to the Wildfire cloud. An AV signature is not created for it.&nbsp;</SPAN></P><P><SPAN>For samples that the firewall detects, the firewall checks the sample hash against WildFire signatures to determine if WildFire has previously analyzed the sample. If the sample is identified as malware, it is blocked. If the sample remains unknown after comparing it against existing WildFire signatures, the firewall forwards the sample for WildFire analysis.</SPAN></P><P>&nbsp;</P><P><SPAN>In other words, the prevention action (Block) only occurs after the Wildfire convicts a file as being malicious, when it then generates and AV signature.&nbsp;</SPAN></P><P><SPAN><A href="https://www.paloaltonetworks.com/documentation/70/wildfire/wf_admin/wildfire-overview/wildfire-concepts.html" target="_blank">https://www.paloaltonetworks.com/documentation/70/wildfire/wf_admin/wildfire-overview/wildfire-concepts.html</A></SPAN></P><P>&nbsp;</P><P><SPAN>I hope this helps</SPAN></P> Mon, 26 Jun 2017 00:52:40 GMT acc6d0b3610eec313831f7900fdbd235 2017-06-26T00:52:40Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-testing/m-p/163162#M52855 <P>Hi</P><P>&nbsp;</P><P>I tried downloading this</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-WildFire-with-a-Fake-Malicious-File/ta-p/60925" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-WildFire-with-a-Fake-Malicious-File/ta-p/60925</A></P><P>&nbsp;</P><P>It shows up as being submitted to wildfire, but doesn't get blocked. is that the right action ?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 25 Jun 2017 23:59:06 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-testing/m-p/163162#M52855 Alex_Samad 2017-06-25T23:59:06Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-testing/m-p/163170#M52856 <P><SPAN>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/62286">@Alex_Samad</a></SPAN></P><P>&nbsp;</P><P><SPAN>The Wildfire PE test file is only to proof that the firewall is able to identify unknown hashes and forward it to the Wildfire cloud. An AV signature is not created for it.&nbsp;</SPAN></P><P><SPAN>For samples that the firewall detects, the firewall checks the sample hash against WildFire signatures to determine if WildFire has previously analyzed the sample. If the sample is identified as malware, it is blocked. If the sample remains unknown after comparing it against existing WildFire signatures, the firewall forwards the sample for WildFire analysis.</SPAN></P><P>&nbsp;</P><P><SPAN>In other words, the prevention action (Block) only occurs after the Wildfire convicts a file as being malicious, when it then generates and AV signature.&nbsp;</SPAN></P><P><SPAN><A href="https://www.paloaltonetworks.com/documentation/70/wildfire/wf_admin/wildfire-overview/wildfire-concepts.html" target="_blank">https://www.paloaltonetworks.com/documentation/70/wildfire/wf_admin/wildfire-overview/wildfire-concepts.html</A></SPAN></P><P>&nbsp;</P><P><SPAN>I hope this helps</SPAN></P> Mon, 26 Jun 2017 00:52:40 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-testing/m-p/163170#M52856 acc6d0b3610eec313831f7900fdbd235 2017-06-26T00:52:40Z