https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422826#M94097 <P>Hello,</P><P>It should show up in the firewall logs, but might not show in the portal since its a known test file and they might not log it.</P><P>&nbsp;</P><P>Regards,</P> Wed, 28 Jul 2021 22:14:55 GMT OtakarKlier 2021-07-28T22:14:55Z https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422697#M94084 <P>&nbsp;the customer want to test&nbsp; pa wilfire&nbsp; feature .</P><P>my test step:</P><P>1: from&nbsp;<A title="" href="http://wildfire.paloaltonetworks.com/publicapi/test/apk" target="_blank" rel="noopener">http://wildfire.paloaltonetworks.com/publicapi/test/apk</A>, download the sample malware.the traffice throught the pa</P><P>2: when we can find the&nbsp; wildire log from firewall&nbsp; and theck the log report ,know the&nbsp; malware files sha256</P><P>------------------------------------------------</P><P>log: 33, filename: wildfire-test-apk-file.apk<BR />processed 120151 seconds ago, action: upload success<BR />vsys_id: 1, session_id: 47055, transaction_id: 5<BR />file_len: 1434514, flag: 0x801c, file type: apk<BR />threat id: 52108, user_id: 0, app_id: 109<BR />from 192.168.5.31/50643 to 34.84.44.247/80<BR />SHA256: 2751671b591b6969b09f8c032cd89e6ae83a5f3ec819c8b923c673a6286cbec3</P><P>------------------------------------------------------------------------------------------------------------</P><P>3:then wait 48 hours,we go to&nbsp; threat db lookup the&nbsp; sha256 value,but we don't find the sha256.</P><P>so I think that&nbsp;&nbsp;PA will not update malware signature to antiivirus&nbsp; from sample malware files(<A href="http://wildfire.paloaltonetworks.com/publicapi/test/apk" target="_blank" rel="noopener">http://wildfire.paloaltonetworks.com/publicapi/test/apk</A>).is true&nbsp; ?</P><P>&nbsp;</P> Wed, 28 Jul 2021 15:20:29 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422697#M94084 Felixcao 2021-07-28T15:20:29Z https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422698#M94085 <P>step 4:</P><P>I set up a web server, put the malicious file (apk)on this web server, and then use another host to download the ake malicious file again through HTTP. The traffic passes through the pa firewall. Although the file has been recognized by the firewall's wilfarire function, I also waited 48 hours to update the AV feature library, but the firewall's threat protection does not recognize the malicious file, Therefore, I think PA does not update the signature of the sample to the AV feature library.</P> Wed, 28 Jul 2021 15:32:32 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422698#M94085 Felixcao 2021-07-28T15:32:32Z https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422826#M94097 <P>Hello,</P><P>It should show up in the firewall logs, but might not show in the portal since its a known test file and they might not log it.</P><P>&nbsp;</P><P>Regards,</P> Wed, 28 Jul 2021 22:14:55 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422826#M94097 OtakarKlier 2021-07-28T22:14:55Z https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422875#M94103 <P>hi&nbsp; Otakarklier:</P><P>&nbsp; thanks you reply.</P><P>&nbsp; It should show up in the firewall logs, -----which log ,threat log or wildfire log&nbsp; ?</P><P>&nbsp; when we do&nbsp; test with step 4, the firewall don't block this malware files (apk) why ?</P><P>&nbsp;</P> Thu, 29 Jul 2021 02:51:54 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422875#M94103 Felixcao 2021-07-29T02:51:54Z https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422878#M94104 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="threatvault.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/35307i5626CDCBFC52C836/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="threatvault.png" alt="threatvault.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="wildfire analysis reprot.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/35308i0A244C209BA1F4F8/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="wildfire analysis reprot.png" alt="wildfire analysis reprot.png" /></span></P> Thu, 29 Jul 2021 02:53:43 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-will-not-update-malware-signature-from-sample-malware-files/m-p/422878#M94104 Felixcao 2021-07-29T02:53:43Z