Wildfire flow

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Wildfire flow

L6 Presenter

Hi,

For the desicion flow of wildfire, where is the hash update and wildfire database update ? can someone tell the real place of both in that chart.

Document's very clear but it is written before subscription service was released.

WildFire Decision Flow

2 REPLIES 2

L4 Transporter

Hi,


When users download .exe or .dll files, PA computes the hash of the file and send only computed hash to the wildfire cloud. Then in the cloud, this hash is compared with the hash base which is maintained by palaltonetworks. If the hash matches, then the verdict is known and file is not uploaded to the cloud, if hash do not match then the file is uploaded and inspected and you can see the file on the portal. Also if the hash on the PA doesnt match with the hash database in the cloud, it creates a new virus id for the file.

Thanks,

Syed R Hasnain

Are uploaded files stored somewhere within this "cloud" to be re-evaluated on a schedule?

Im thinking when PA is changing what will trigger a file to be considered malware or not (like the case I found a few months ago where wildfire verdict was benign but the file was truly a very bad file) - then this "the hash matches a clean file" might not be true...

Also is there a setting regarding this within WF-500, for example making a verdict for a specific hash only valid for 24 hours or so - if the file is seen again later on then the file will be re-evaluated?

  • 2192 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!