This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how to configure wildfire to block a malicious file?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how to configure wildfire to block a malicious file?

thanachaip
L1 Bithead

‎02-24-2014 08:11 AM

i used PA3020 and software version 6.0.0, wildfire version is 26818-33137

i configured wildfire action to block in antivirus profile and apply to security policy already.

Capture1.PNG.png

but, when i test to download a malicious files. the action is alert and i can download this file. why?

Capture.PNG.png

i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.

Labels:
0 Likes Likes
18 REPLIES 18

VinceM
L5 Sessionator

‎02-24-2014 08:55 AM

Hi,

What about the wildfire report for your virus.exe file ?

V.

0 Likes Likes

Mystique
L2 Linker

‎02-24-2014 11:00 AM

Do you have a configured file blocking profile ? What is the action set for the file blocking profile under objects ?

0 Likes Likes

thanachaip
L1 Bithead
In response to VinceM

‎02-24-2014 11:00 AM

Hi,VinceM

this's wildfire analysis report.

Capture.PNG.png

0 Likes Likes

thanachaip
L1 Bithead
In response to Mystique

‎02-24-2014 11:03 AM

@hparikh

i configured action in blocking profile to "forward".

0 Likes Likes

Mystique
L2 Linker

‎02-24-2014 08:35 PM

Wildfire report shows that the first time the malware was reported at 02-24 14:08 and the log shows alert for type wildfire at 22:59 with wildfire-upload-skip since the file has been already sent to wildfire cloud

If the firewall is equipped with a WildFire subscription then it can receive the new signatures within 30-60 minutes; firewalls with only a Threat Prevention subscription can receive the new signatures in the next antivirus signature update within 24-48 hours. Can you please confirm if you have valid license for wildfire? The wildfire version that you have is 26818-33137 and the latest available is 26836-33168.

0 Likes Likes

thanachaip
L1 Bithead
In response to Mystique

‎02-24-2014 08:45 PM

i try to test this virus.exe about 4 hours. and i download an update already.

and if you look at this pic. wildfire log is show "virus.exe" is malicious but action is alert, not block.

Capture.PNG.png

0 Likes Likes

mg_imid
Not applicable

‎02-25-2014 08:34 PM

Hi thanachaip,

Nothing false in your configuration.

I got the same problem and already open case for it.

0 Likes Likes

HULK
L7 Applicator
In response to mg_imid

‎02-25-2014 09:00 PM

Could you please share the case ID here.

0 Likes Likes

mg_imid
Not applicable
In response to HULK

‎02-25-2014 10:40 PM

Hi HULK,

My case number : 00189573.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2022 - Palo Alto Networks