how to configure wildfire to block a malicious file?

cancel
Showing results for 
Search instead for 
Did you mean: 

how to configure wildfire to block a malicious file?

L1 Bithead

i used PA3020 and software version 6.0.0, wildfire version is 26818-33137

i configured wildfire action to block in antivirus profile and apply to security policy already.

Capture1.PNG.png

but, when i test to download a malicious files. the action is alert and i can download this file. why?

Capture.PNG.png

i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.

18 REPLIES 18

L5 Sessionator

Hi,

What about the wildfire report for your virus.exe file ?

V.

L2 Linker

Do you have a configured file blocking profile ? What is the action set for the file blocking profile under objects ?

Hi,VinceM

this's wildfire analysis report.

Capture.PNG.png

@hparikh

i configured action in blocking profile to "forward".

L2 Linker

Wildfire report shows that the first time the malware was reported at 02-24 14:08 and the log shows alert for type wildfire at 22:59 with wildfire-upload-skip since the file has been already sent to wildfire cloud

If the firewall is equipped with a WildFire subscription then it can receive the new signatures within 30-60 minutes; firewalls with only a Threat Prevention subscription can receive the new signatures in the next antivirus signature update within 24-48 hours. Can you please confirm if you have valid license for wildfire? The wildfire version that you have is 26818-33137 and the latest available is 26836-33168.

i try to test this virus.exe about 4 hours. and i download an update already.

and if you look at this pic. wildfire log is show "virus.exe" is malicious but action is alert, not block.

Capture.PNG.png

Not applicable

Hi thanachaip,

Nothing false in your configuration.

I got the same problem and already open case for it.

Could you please share the case ID here.

Hi HULK,

My case number : 00189573.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!