09-21-2013 05:53 AM
Hi,
For the desicion flow of wildfire, where is the hash update and wildfire database update ? can someone tell the real place of both in that chart.
Document's very clear but it is written before subscription service was released.
09-21-2013 09:06 AM
Hi,
When users download .exe or .dll files, PA computes the hash of the file and send only computed hash to the wildfire cloud. Then in the cloud, this hash is compared with the hash base which is maintained by palaltonetworks. If the hash matches, then the verdict is known and file is not uploaded to the cloud, if hash do not match then the file is uploaded and inspected and you can see the file on the portal. Also if the hash on the PA doesnt match with the hash database in the cloud, it creates a new virus id for the file.
Thanks,
Syed R Hasnain
09-22-2013 03:47 AM
Are uploaded files stored somewhere within this "cloud" to be re-evaluated on a schedule?
Im thinking when PA is changing what will trigger a file to be considered malware or not (like the case I found a few months ago where wildfire verdict was benign but the file was truly a very bad file) - then this "the hash matches a clean file" might not be true...
Also is there a setting regarding this within WF-500, for example making a verdict for a specific hash only valid for 24 hours or so - if the file is seen again later on then the file will be re-evaluated?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
