The WildFire Action setting in Antivirus profiles blocks viruses that WildFire identifies in content signature updates in the Antivirus profile. The WildFire Decoder Actions best practice check ensures the decoders are set to reset-both, drop, reset-client, or reset-server in the WildFire Action column. If users have a WildFire subscription, their firewalls receive zero-day malware signatures from the WildFire cloud, as fast as under a minute after the threat is discovered. The WildFire Action setting in Antivirus profiles is based on WildFire content signature updates.
Configure the firewall to forward files to WildFire for analysis. Through the WildFire Analysis Profile, all files being uploaded or downloaded will be sent to WildFire for analysis. The WildFire Profile File Types best practice check ensures all file types for all applications are sent to WildFire for analysis. The WildFire cloud and the on-premises private cloud analyze new files that the firewall hasn’t seen before. The firewall sends all new files for all applications to WildFire for analysis and inspection. WildFire detects unknown threats in all file types and protects you against zero-day threats (new malware) and advanced persistent threats.
Custom URL categories and external dynamic lists of type URL are displayed under Category. By default, Site Access and User Credential Submission permissions for all categories are set to allow. The URL Filtering Profile Allow Categories best practice check ensures the URL categories under the Site Access section are not set to allow. If traffic to a URL category is set to allow, the firewall doesn’t log that traffic, so there is no visibility into traffic to websites in that URL category. For URL categories that are not blocked, set the Site Access action to alert to log traffic to all websites.
The WildFire Action setting in the Antivirus profile blocks viruses that WildFire identifies in content signature updates in the Antivirus profile. This BPA check ensures the decoders are set to reset-both, drop, reset-client, or reset-server in the WildFire Action column. If users have a WildFire subscription, their firewalls receive zero-day malware signatures from the WildFire cloud, minutes after the threat is discovered. The WildFire Action setting in the Antivirus profile is based on WildFire content signature updates.
If the firewall detects a virus, the firewall should block the threat. To do that, set the ftp, http, smb, and smtp decoders to “reset-both” in the Action column in every Antivirus profile. Resetting both ends of the connection is better than resetting only the client or only the server unless there are business reasons not to reset one end of the connection. You can tighten security even more by also setting the imap and pop3 decoder Action to “reset-both”. If you are using predefined profiles and they are failing BP checks, you can clone them or create a custom profile and make the necessary changes to pass the BP checks.
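As an added example (not Palo Alto Networks' or the BPA tool's own code), the two Antivirus profile checks described above, the decoder Action column and the WildFire Action column, can be scripted against an exported configuration. The XML element names and the sample profiles are assumptions constructed for illustration, and a decoder with no entry is reported as unset.

```python
import xml.etree.ElementTree as ET

# Values the WildFire Decoder Actions check accepts, as listed in the text.
BLOCKING = {"reset-both", "drop", "reset-client", "reset-server"}
# Decoders the text says must be reset-both in the Action column.
REQUIRED_RESET_BOTH = ("ftp", "http", "smb", "smtp")

# Constructed sample. The element layout (decoder/entry/action and
# wildfire-action) is an assumption modelled on an exported profile.
SAMPLE = """<virus>
 <entry name="strict-av"><decoder>
  <entry name="ftp"><action>reset-both</action><wildfire-action>reset-both</wildfire-action></entry>
  <entry name="http"><action>reset-both</action><wildfire-action>reset-both</wildfire-action></entry>
  <entry name="smb"><action>reset-both</action><wildfire-action>reset-both</wildfire-action></entry>
  <entry name="smtp"><action>reset-both</action><wildfire-action>reset-both</wildfire-action></entry>
  <entry name="imap"><action>alert</action><wildfire-action>drop</wildfire-action></entry>
 </decoder></entry>
 <entry name="legacy-av"><decoder>
  <entry name="ftp"><action>alert</action><wildfire-action>alert</wildfire-action></entry>
  <entry name="http"><action>reset-both</action><wildfire-action>alert</wildfire-action></entry>
  <entry name="smtp"><action>reset-client</action><wildfire-action>drop</wildfire-action></entry>
 </decoder></entry>
</virus>"""

def audit_antivirus_profiles(xml_text):
    """Return (profile, decoder, column, value) for every setting that fails."""
    findings = []
    for profile in ET.fromstring(xml_text).findall("entry"):
        decoders = {d.get("name"): d for d in profile.findall("decoder/entry")}
        for name in sorted(set(decoders) | set(REQUIRED_RESET_BOTH)):
            node = decoders.get(name)
            action = node.findtext("action") if node is not None else None
            wf = node.findtext("wildfire-action") if node is not None else None
            # Action column: only reset-both passes for the four required decoders.
            if name in REQUIRED_RESET_BOTH and action != "reset-both":
                findings.append((profile.get("name"), name, "action", action or "unset"))
            # WildFire Action column: any blocking action passes, for every decoder.
            if wf not in BLOCKING:
                findings.append((profile.get("name"), name, "wildfire-action", wf or "unset"))
    return findings

if __name__ == "__main__":
    for finding in audit_antivirus_profiles(SAMPLE):
        print("FAIL profile=%s decoder=%s %s=%s" % finding)
```

The smtp decoder in the constructed legacy-av profile passes the WildFire Action check with drop but is still reported for the Action column, because reset-client resets only one end of the connection.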
The DNS Sinkhole feature makes it possible to identify compromised or infected host machines that are accessing malicious domains. The DNS Sinkhole feature in the Antispyware profile directs these requests to the sinkhole IP address, or to an address that is not routable externally, so that an administrator can identify all the traffic that was sinkholed and identify the compromised source machine.