The PAN will do its best to inspect it, but if it cant decrypt it it can only scan its hash to see if has been reported before.
Hope that helps.
Palo firewall will not look into rar at all. It is simply passed through it (if permitted by file blocking policy).
Palo is using stream based AV. To inspect rar it would need to be downloaded fully first.
rar is inspected only if it is uploaded to wildfire. But if rar is password protected then it can't be inspected at all.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!