How to configure WildFire to block a malicious file?


L1 Bithead

I used PA3020 and software version 6.0.0; the WildFire version is 26818-33137.

I configured the WildFire action to block in the antivirus profile and applied it to the security policy already.

Capture1.PNG.png

But when I test downloading a malicious file, the action is alert and I can download this file. Why?

Capture.PNG.png

I don't know what is wrong in my configuration, and I want to know how to configure WildFire to block a malicious file.

18 REPLIES

L5 Sessionator

Hi,

What about the WildFire report for your virus.exe file?

V.

L2 Linker

Do you have a configured file blocking profile? What is the action set for the file blocking profile under Objects?

Hi, VinceM

This is the WildFire analysis report.

Capture.PNG.png

@hparikh

I configured the action in the blocking profile to "forward".

L2 Linker

The WildFire report shows that the first time the malware was reported was at 02-24 14:08, and the log shows alert for type wildfire at 22:59 with wildfire-upload-skip, since the file has already been sent to the WildFire cloud.

If the firewall is equipped with a WildFire subscription then it can receive the new signatures within 30-60 minutes; firewalls with only a Threat Prevention subscription can receive the new signatures in the next antivirus signature update within 24-48 hours. Can you please confirm if you have a valid license for WildFire? The WildFire version that you have is 26818-33137 and the latest available is 26836-33168.

I tried to test this virus.exe about 4 hours, and I downloaded an update already.

And if you look at this pic, the WildFire log shows "virus.exe" is malicious but the action is alert, not block.

Capture.PNG.png

Not applicable

Hi thanachaip,

Nothing false in your configuration.

I got the same problem and already opened a case for it.

Could you please share the case ID here?

Hi HULK,

My case number: 00189573.

Hi Hulk,

Not sure if there was a resolution to this issue but I am having the exact same issue and am getting nowhere with support.

Case ID: 00226681

Hoping maybe you can help?

L1 Bithead

Also having this same issue with a PA3020 running version 6.0.2 currently. Any new information?

I finally got my case escalated and am currently working on getting them more info. Will update when I know more.

Thanks JayD, looking forward to hearing more.

Antwoinne, if you can, please create a ticket with your example and reference JayD's Case ID: 00226681 when you do.

This will give support more data to work with for a solution.

Thanks for posting the information and tracking the issue for the rest of us.


Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center