Info Wildefire analysis and wildefire in antivirus profile

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Info Wildefire analysis and wildefire in antivirus profile

L1 Bithead

Hai all

after the upgrade to new version of pan os(7.0.13) i found some difference in security profile. Can you help me to understand the difference between:

 

- Security Profile > Antivirus > wildefire action

- Security Profile > Wildefire Analysis

 

is Antivirus profile to block malicious file knew in the dat file and wildefire for zero day files?Why there is a second wildefire profile in the Antivirus profile?If i make a rule which profile must i apply to the rule?

 

Thanks all

Gianpiero

2 REPLIES 2

Cyber Elite
Cyber Elite

hi there

 

there's 2 parts to Wildfire: one it the uploading and analyzing of files, which return you a verdict for that file

the second part is creating a signature to block these files for everyone that has downloaded the dynamic update package

 

so - Security Profile > Antivirus > wildefire action : is which actions to take on signatures matching the wildfire content update

it requires you to have the separate wildfire license

 

and - Security Profile > Wildefire Analysis : is what you want to do with files going through the firewall - upload them to wildfire or not

 

hope this makes sense ?

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L2 Linker

If I remember correctly, the AV profile allows you to set actions (reset-client, reset-server, etc) based on the decoder (http, ftp, pop3, etc). The Wildfire Analysis profile allows you to set which files you want to upload to the wildfire engine (public or private).

 

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/policy/antivirus-profiles#19476

 

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/policy/wildfire-analysis-profiles.ht...

 

Hope that helps!

 

- Peter

  • 2116 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!