how to configure wildfire to block a malicious file?

Reply
L1 Bithead

how to configure wildfire to block a malicious file?

i used PA3020 and software version 6.0.0, wildfire version is 26818-33137

i configured wildfire action to block in antivirus profile and apply to security policy already.

Capture1.PNG.png

but, when i test to download a malicious files. the action is alert and i can download this file. why?

Capture.PNG.png

i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.

Tags (2)
L5 Sessionator

Re: how to configure wildfire to block a malicious file?

Hi,

What about the wildfire report for your virus.exe file ?

V.

L2 Linker

Re: how to configure wildfire to block a malicious file?

Do you have a configured file blocking profile ? What is the action set for the file blocking profile under objects ?

L1 Bithead

Re: Re: how to configure wildfire to block a malicious file?

Hi,VinceM

this's wildfire analysis report.

Capture.PNG.png

L1 Bithead

Re: Re: how to configure wildfire to block a malicious file?

@hparikh

i configured action in blocking profile to "forward".

L2 Linker

Re: how to configure wildfire to block a malicious file?

Wildfire report shows that the first time the malware was reported at 02-24 14:08 and the log shows alert for type wildfire at 22:59 with wildfire-upload-skip since the file has been already sent to wildfire cloud

If the firewall is equipped with a WildFire subscription then it can receive the new signatures within 30-60 minutes; firewalls with only a Threat Prevention subscription can receive the new signatures in the next antivirus signature update within 24-48 hours. Can you please confirm if you have valid license for wildfire? The wildfire version that you have is 26818-33137 and the latest available is 26836-33168.

L1 Bithead

Re: how to configure wildfire to block a malicious file?

i try to test this virus.exe about 4 hours. and i download an update already.

and if you look at this pic. wildfire log is show "virus.exe" is malicious but action is alert, not block.

Capture.PNG.png

Highlighted
Not applicable

Re: Re: how to configure wildfire to block a malicious file?

Hi thanachaip,

Nothing false in your configuration.

I got the same problem and already open case for it.

L7 Applicator

Re: how to configure wildfire to block a malicious file?

Could you please share the case ID here.

Not applicable

Re: how to configure wildfire to block a malicious file?

Hi HULK,

My case number : 00189573.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!