how to configure wildfire to block a malicious file?

thanachaip · ‎02-24-2014

i used PA3020 and software version 6.0.0, wildfire version is 26818-33137

i configured wildfire action to block in antivirus profile and apply to security policy already.

but, when i test to download a malicious files. the action is alert and i can download this file. why?

i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.

VinceM · ‎02-24-2014

Hi,

What about the wildfire report for your virus.exe file ?

V.

Mystique · ‎02-24-2014

Do you have a configured file blocking profile ? What is the action set for the file blocking profile under objects ?

thanachaip · ‎02-24-2014

Hi,VinceM

this's wildfire analysis report.

thanachaip · ‎02-24-2014

@hparikh

i configured action in blocking profile to "forward".

Mystique · ‎02-24-2014

Wildfire report shows that the first time the malware was reported at 02-24 14:08 and the log shows alert for type wildfire at 22:59 with wildfire-upload-skip since the file has been already sent to wildfire cloud

If the firewall is equipped with a WildFire subscription then it can receive the new signatures within 30-60 minutes; firewalls with only a Threat Prevention subscription can receive the new signatures in the next antivirus signature update within 24-48 hours. Can you please confirm if you have valid license for wildfire? The wildfire version that you have is 26818-33137 and the latest available is 26836-33168.

thanachaip · ‎02-24-2014

i try to test this virus.exe about 4 hours. and i download an update already.

and if you look at this pic. wildfire log is show "virus.exe" is malicious but action is alert, not block.

mg_imid · ‎02-25-2014

Hi thanachaip,

Nothing false in your configuration.

I got the same problem and already open case for it.

HULK · ‎02-25-2014

Could you please share the case ID here.

mg_imid · ‎02-25-2014

Hi HULK,

My case number : 00189573.

JayD · ‎06-27-2014

Hi Hulk,

Not sure if there was a resolution to this issue but I am having the exact same issue and am getting nowhere with support.

Case ID: 00226681

Hoping maybe you can help?

Antwoinne · ‎07-01-2014

Also having this same issue with a PA3020 running version 6.0.2 currently. Any new information?

JayD · ‎07-01-2014

I finally got my case escilated and am currently working on getting them more info. Will update when I know more.

Antwoinne · ‎07-10-2014

Thanks JayD, looking forward to hearing more

pulukas · ‎07-10-2014

Antwoinne If you can, please create a ticket with your example and reference JayD 's Case ID: 00226681 when you do.

This will give support more data to work with for a solution.

Thanks for posting the information and tracking the issue for the rest of us.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Unlock your full community experience!

how to configure wildfire to block a malicious file?

how to configure wildfire to block a malicious file?

Show your appreciation!