Hi I've a couple of question re wildfire.
1. I've configured my device to inspect .exe and .dll files and selected the aciton continue and forward under the file blocking policy. When I try to download a .exe im promoted with the message that the file has been blocked due to a company policy. There is no continue option. I've uploaded the default block continue code from my box and it appears the script is missing from the code?
2. How long does it take before entries are logged onto the Wildfire portal as of yet I can't see the file activty of my tests appear on the web portal?
Solved! Go to Solution.
I had the same problem. I had to reset the file block repsonse pages to default and it started working again. Device > Response pages > Click on Restore to Default on all the profiles type of pages you are using. After commit and a few tries it started working.
I dont know how long it takes for the files to show up on wildfire if it has been forwarded. Its not minutes from what I can see so far. I will let you know if I find out.
Thanks for the tip - it worked a treat.
I've tried to export the message to change the wording. however when I export the file it's just the original txt file with no script funciton (for continue). Do you have any ideas on how I can change the default text for the warning screen !!!
I think I have the answer for your question No 2.
You have to know (if you do not know) that PA firewall does not upload all .exe or .dll files to
the wildfire cloud (because of that you do not see them on the wildfire portal). This is how it works:
When users download .exe or .dll files, PA computes the hash of the file and send only computed hash
to the wildfire cloud. Then in the cloud, this hash is compared with the hash base which is maintained
by palaltonetworks. If the hash matches, then the verdict is known and file is not uploaded to the cloud,
if hash do not match then the file is uploaded and inspected and you can see the file on the portal.
So if the files do not appear on the portal this is probably because computed hash matches hash that is
in their base. If you want to test what I said you can try to download some custom built application, probably
computed hash will not be in their base and you will see file on the portal. I tried this, it works fine, you can see the
files on the portal in a minute.
Let me know if this was correct,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!