- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-28-2021 08:20 AM
the customer want to test pa wilfire feature .
my test step:
1: from http://wildfire.paloaltonetworks.com/publicapi/test/apk, download the sample malware.the traffice throught the pa
2: when we can find the wildire log from firewall and theck the log report ,know the malware files sha256
------------------------------------------------
log: 33, filename: wildfire-test-apk-file.apk
processed 120151 seconds ago, action: upload success
vsys_id: 1, session_id: 47055, transaction_id: 5
file_len: 1434514, flag: 0x801c, file type: apk
threat id: 52108, user_id: 0, app_id: 109
from 192.168.5.31/50643 to 34.84.44.247/80
SHA256: 2751671b591b6969b09f8c032cd89e6ae83a5f3ec819c8b923c673a6286cbec3
------------------------------------------------------------------------------------------------------------
3:then wait 48 hours,we go to threat db lookup the sha256 value,but we don't find the sha256.
so I think that PA will not update malware signature to antiivirus from sample malware files(http://wildfire.paloaltonetworks.com/publicapi/test/apk).is true ?
07-28-2021 08:32 AM
step 4:
I set up a web server, put the malicious file (apk)on this web server, and then use another host to download the ake malicious file again through HTTP. The traffic passes through the pa firewall. Although the file has been recognized by the firewall's wilfarire function, I also waited 48 hours to update the AV feature library, but the firewall's threat protection does not recognize the malicious file, Therefore, I think PA does not update the signature of the sample to the AV feature library.
07-28-2021 03:14 PM
Hello,
It should show up in the firewall logs, but might not show in the portal since its a known test file and they might not log it.
Regards,
07-28-2021 07:51 PM
hi Otakarklier:
thanks you reply.
It should show up in the firewall logs, -----which log ,threat log or wildfire log ?
when we do test with step 4, the firewall don't block this malware files (apk) why ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!