Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
03-13-2019 01:56 PM
Can anyone throw some light on Best Practise for inspecting Password Protected Winrar/zip files on Palo's.
Thanks
03-14-2019 06:20 AM - edited 03-14-2019 06:21 AM
Palo firewall will not look into rar at all. It is simply passed through it (if permitted by file blocking policy).
Palo is using stream based AV. To inspect rar it would need to be downloaded fully first.
rar is inspected only if it is uploaded to wildfire. But if rar is password protected then it can't be inspected at all.
03-13-2019 02:18 PM
Hello,
The PAN will do its best to inspect it, but if it cant decrypt it it can only scan its hash to see if has been reported before.
Hope that helps.
03-14-2019 06:20 AM - edited 03-14-2019 06:21 AM
Palo firewall will not look into rar at all. It is simply passed through it (if permitted by file blocking policy).
Palo is using stream based AV. To inspect rar it would need to be downloaded fully first.
rar is inspected only if it is uploaded to wildfire. But if rar is password protected then it can't be inspected at all.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
