how to configure wildfire to block a malicious file?

Reply
Highlighted
L1 Bithead

Re: how to configure wildfire to block a malicious file?

Hi Hulk,

Not sure if there was a resolution to this issue but I am having the exact same issue and am getting nowhere with support.

Case ID: 00226681

Hoping maybe you can help?

L1 Bithead

Re: how to configure wildfire to block a malicious file?

Also having this same issue with a PA3020 running version 6.0.2 currently. Any new information?

L1 Bithead

Re: how to configure wildfire to block a malicious file?

I finally got my case escilated and am currently working on getting them more info.  Will update when I know more.

L1 Bithead

Re: how to configure wildfire to block a malicious file?

Thanks JayD, looking forward to hearing more

L7 Applicator

Re: Re: how to configure wildfire to block a malicious file?

Antwoinne If you can, please create a ticket with your example and reference JayD 's Case ID: 00226681 when you do.

This will give support more data to work with for a solution.

Thanks for posting the information and tracking the issue for the rest of us.


Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L1 Bithead

Re: Re: how to configure wildfire to block a malicious file?

This issue was handled by our internal managed support team, escalated to me for assistance and then escalated to PAN with a case opened. I provided them JayD 's Case ID for that very tracking capability. I'm trying to retrieve our PAN Case ID now so it can be listed here.

L2 Linker

Re: how to configure wildfire to block a malicious file?

Hello,

     does anybody fixed that?

I am experiencing the same issue..

regards.

Walter Doria

L3 Networker

Re: how to configure wildfire to block a malicious file?

I have the same issue.  Any update?

L3 Networker

Re: how to configure wildfire to block a malicious file?

Hi,

The WF signature database on the devices don't have all signatures. So if your file is malicious that indicates a file was inspected by WF and with hash check your firewalls knows this verdict.

But to block the file it needs to have a signature in the WF database on your device. If the algorithm to select signatures being in the WF database not selected the signature for your file, your device will not be able to block it.

If the file is triggered the WF algorithm will select the file again to be in the WF database that is pushed towards the devices in one of the next updates. Then you will see it gets blocked.

That is how it works in fact, of course a bug is also possible :smileyhappy:

Regards,

Kevin

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!