i used PA3020 and software version 6.0.0, wildfire version is 26818-33137
i configured wildfire action to block in antivirus profile and apply to security policy already.
but, when i test to download a malicious files. the action is alert and i can download this file. why?
i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.
The WF signature database on the devices don't have all signatures. So if your file is malicious that indicates a file was inspected by WF and with hash check your firewalls knows this verdict.
But to block the file it needs to have a signature in the WF database on your device. If the algorithm to select signatures being in the WF database not selected the signature for your file, your device will not be able to block it.
If the file is triggered the WF algorithm will select the file again to be in the WF database that is pushed towards the devices in one of the next updates. Then you will see it gets blocked.
That is how it works in fact, of course a bug is also possible
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!