This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

how to configure wildfire to block a malicious file?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to configure wildfire to block a malicious file?

thanachaip
L1 Bithead

‎02-24-2014 08:11 AM

i used PA3020 and software version 6.0.0, wildfire version is 26818-33137

i configured wildfire action to block in antivirus profile and apply to security policy already.

Capture1.PNG.png

but, when i test to download a malicious files. the action is alert and i can download this file. why?

Capture.PNG.png

i don't know, what is wrong in my configure and i want to know, how to configure wildfire to block a malicious file.

Labels:
0 Likes Likes
18 REPLIES 18

Antwoinne
L1 Bithead
In response to pulukas

‎07-10-2014 10:05 AM

This issue was handled by our internal managed support team, escalated to me for assistance and then escalated to PAN with a case opened. I provided them JayD 's Case ID for that very tracking capability. I'm trying to retrieve our PAN Case ID now so it can be listed here.

paloalto_exn
L2 Linker

‎11-07-2014 05:04 AM

Hello,

     does anybody fixed that?

I am experiencing the same issue..

regards.

Walter Doria

0 Likes Likes

markk96
L3 Networker

‎11-08-2014 07:03 PM

I have the same issue.  Any update?

0 Likes Likes

kevin_thys
L3 Networker

‎03-24-2015 04:08 AM

Hi,

The WF signature database on the devices don't have all signatures. So if your file is malicious that indicates a file was inspected by WF and with hash check your firewalls knows this verdict.

But to block the file it needs to have a signature in the WF database on your device. If the algorithm to select signatures being in the WF database not selected the signature for your file, your device will not be able to block it.

If the file is triggered the WF algorithm will select the file again to be in the WF database that is pushed towards the devices in one of the next updates. Then you will see it gets blocked.

That is how it works in fact, of course a bug is also possible Smiley Happy

Regards,

Kevin

0 Likes Likes
  • 8996 Views
  • 18 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks