How to use Wildfire for Android APK

Reply
Highlighted
L4 Transporter

How to use Wildfire for Android APK

I found following new press release:

Palo Alto Networks WildFire Protects Against Cyber Threats Targeting Android Smartphones and Tablets

I have PaloAlto device with Wildfire subscription.

The device is running on PANOS 5.0.6.

How can I use this new wildfire?

Does it mean I just change configuration of File Blocking to upload .apk files?

If someone knows, please help. Otherwise, I'll contact to my local SE.

Regards,

Emr


Accepted Solutions
Highlighted
L5 Sessionator

Please confirm this information with your  SE on the availability of Wildfire for Android.

View solution in original post


All Replies
Highlighted
L7 Applicator

Hi Emr,

You are correct,

Apk--- Android application package file

It is part of File Blocking Profiles.  ( Objects > Security Profiles > File Blocking ) and add APK as Supported File Formats for File Blocking.

Thanks

Highlighted
L7 Applicator

For reference, please follow below mentioned article,

https://live.paloaltonetworks.com/docs/DOC-4118 >>>>>>>  Page 216

Hope it will help you.

Thanks

Highlighted
L4 Transporter

Hello

If you are trying to understand how Wildfire works and its configuration then the below links will give you a good understanding of the wildfire configuration, testing and monitoring.

How to Configure Wildfire

Wildfire Configuration, Testing and Monitoring

How to Check the Connectivity to Wildfire and Upload Status of Files

Hope this helps.

Highlighted
L5 Sessionator

Hi,

For me, today, upload apk to Wildfire is not supported yet.

For now you can allow or block apk but can't be more granular.

Hope help

V.

Highlighted
L5 Sessionator

Please confirm this information with your  SE on the availability of Wildfire for Android.

View solution in original post

Highlighted
L4 Transporter

Thank you for your replies, guys.

I tested with my PA device.

As VinceM says, I confirmed PA did not upload the APK file at this point.

I think this is new feature available from 6.0.

Highlighted
L7 Applicator

Just to help clarify:

  1. APK signatures for Android malware are being provided in AV signature set (PAN-OS 5.0+ only)
  2. Currently the signatures are being developed by leveraging internal android wildfire analysis environment and running Android software from popular stores through it to determine maliciousness.


However, PAN devices themselves do not currently have the ability to forward apk files to the cloud as VinceM observed.

Highlighted
L4 Transporter

Hi achitwadgi,

I see.

It helps me to understand more clearly.

Thanks for the updates.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!