08-28-2020 01:43 AM
There are certain files which were sent to WildFire multiple times, and every time we received the verdict as malicious.
The same file (I have verified the file hash available in the WildFire cloud) is submitted multiple times even after the verdict from the old WildFire submission was malicious, but it's not blocked. As I am running PAN-OS version 9.0.5, please suggest.
2020-08-25 11:04:58 +0300: proforma invoice.rar archive skipped - remote malware dup PUB 30644 731368 527539 0x101c allow
2020-08-25 11:05:00 +0300: proforma invoice.rar archive skipped - cached malware dup PUB 157936 731369 527539 0x124c allow
2020-08-25 13:47:02 +0300: proforma invoice.rar archive skipped - remote malware dup PUB 28172 732436 527539 0x101c allow
2020-08-25 14:23:29 +0300: proforma invoice.rar archive skipped - remote malware dup PUB 146272 732682 527539 0x101c allow
But when I check, the customer is receiving the malware file multiple times.
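The four log lines above all carry a malware verdict from the WildFire cache ("remote malware dup" / "cached malware dup") yet end with the firewall action "allow", which is the gap the question is about. The following Python script is an added triage aid, not code from the thread, from PAN-OS or from Palo Alto Networks: it parses lines of this shape (using the thread's own four lines as input), flags every entry whose verdict is malware but whose action is allow, and reports how often and over what time span the same file name was allowed. The regular expression's field layout is an assumption based solely on these four lines; the numeric fields after the reason text are not documented on the page and are not interpreted.

```python
import re
from collections import defaultdict
from datetime import datetime

# Input: the four WildFire file-forwarding log lines quoted in the thread.
SAMPLE_LOG = """\
2020-08-25 11:04:58 +0300: proforma invoice.rar archive skipped - remote malware dup PUB 30644 731368 527539 0x101c allow
2020-08-25 11:05:00 +0300: proforma invoice.rar archive skipped - cached malware dup PUB 157936 731369 527539 0x124c allow
2020-08-25 13:47:02 +0300: proforma invoice.rar archive skipped - remote malware dup PUB 28172 732436 527539 0x101c allow
2020-08-25 14:23:29 +0300: proforma invoice.rar archive skipped - remote malware dup PUB 146272 732682 527539 0x101c allow
"""

# Assumed layout (derived from the sample lines only, not from PAN-OS documentation):
#   <timestamp> <tz>: <file name> archive skipped - <remote|cached> <verdict> dup <opaque fields> <action>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}): "
    r"(?P<file>.+?) archive skipped - (?P<source>remote|cached) (?P<verdict>\w+) dup "
    r"(?P<rest>.*?) (?P<action>allow|block|deny)$"
)

MALICIOUS_VERDICTS = {"malware", "malicious"}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Keep the timezone offset so spans across lines are computed correctly.
    entry["ts"] = datetime.strptime(entry["ts"] + entry["tz"], "%Y-%m-%d %H:%M:%S%z")
    return entry


def parse_log(text):
    """Parse every non-empty line; unparseable lines are skipped rather than guessed at."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def find_verdict_action_gaps(entries):
    """Entries where a known-malicious verdict was applied but the firewall still allowed the file.

    Each of these is a case where detection worked (the cache hit a malware verdict)
    but the policy action did not enforce it, which is what to check in the security
    profile / WildFire Analysis settings rather than in the verdict itself.
    """
    return [e for e in entries if e["verdict"] in MALICIOUS_VERDICTS and e["action"] == "allow"]


def summarize_by_file(entries):
    """Per file name: how many times it was allowed despite a malicious verdict, and over what span."""
    summary = defaultdict(lambda: {"allowed": 0, "first": None, "last": None})
    for e in find_verdict_action_gaps(entries):
        s = summary[e["file"]]
        s["allowed"] += 1
        s["first"] = e["ts"] if s["first"] is None else min(s["first"], e["ts"])
        s["last"] = e["ts"] if s["last"] is None else max(s["last"], e["ts"])
    for s in summary.values():
        s["span_seconds"] = int((s["last"] - s["first"]).total_seconds())
    return dict(summary)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, s in summarize_by_file(parsed).items():
        print(f"{name}: allowed {s['allowed']} times despite malware verdict "
              f"between {s['first']} and {s['last']} ({s['span_seconds']} s)")
```

Running it against the thread's lines reports one file allowed four times over roughly three and a quarter hours, with both "remote" and "cached" verdict sources involved, which supports the replies' point that the verdict is fine and the enforcing policy is what needs review. Pointing the script at a longer export of the same log lets you see whether the pattern is confined to one file or is systematic.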
08-28-2020 01:58 PM
Hello,
Are your policies set to block this content of malicious WildFire files?
Regards,
08-28-2020 02:08 PM
@OtakarKlier thanks for your reply
The same file with the same hashes is blocked. But after some hours the same file with the same hashes is allowed by Palo Alto. Please suggest.
PAN-OS version 9.0.5
08-28-2020 02:22 PM
Hello,
I would open a TAC case and see what they have to say. They can look at the PAN and the file more closely.
Regards,
08-28-2020 02:33 PM
The Palo Alto verdict is malware and it allows the traffic, but behind the Palo Alto there is a FortiMail, which rejects these files.
08-29-2020 01:08 PM
Why did the firewall submit the same sample to WildFire multiple times? You would get an idea from ms.log.
Please share ms.log.
08-29-2020 01:21 PM
@bit_byte thanks for your reply.
I am not seeing anything in ms.log:
020-08-25 08:56:05.679 +0300 No new WildFire updates available for download
2020-08-25 08:57:01.148 +0300 pan_dynupdsch_local_refresh(pan_cfg_dynupdsch.c:2054): scheduled-update: "_SystemWildfireUpdate_" refreshing of WildFire
'cfg.platform.express-mode': NO_MATCHES
NO_MATCHES
NO_MATCHES
2020-08-25 08:57:05.328 +0300 No new WildFire updates available for download
2020-08-25 08:57:41.884 +0300
##### Non-BATCH report found (acc-summary)
2020-08-25 08:57:41.885 +0300 report generation started for 'acc-summary'
2020-08-25 08:57:41.885 +0300 ** generating report for time from 1598331461 to 1598335060
2020-08-25 08:57:41.915 +0300
##### Non-BATCH report found (acc-summary)
2020-08-25 08:57:41.979 +0300 client dagger reported op command was SUCCESSFUL
2020-08-25 08:57:42.237 +0300 report generation started for 'acc-summary'
2020-08-25 08:57:42.237 +0300 ** generating report for time from 1598331461 to 1598335060
2020-08-25 08:57:42.273 +0300 client dagger reported op command was SUCCESSFUL
2020-08-25 08:57:42.685 +0300
##### Non-BATCH report found (custom-dynamic-report)
2020-08-25 08:57:42.687 +0300 report generation started for 'custom-dynamic-report'
2020-08-25 08:57:42.689 +0300 ** generating report for time from 1598331462 to 1598335061
2020-08-25 08:57:42.853 +0300 client dagger reported op command was SUCCESSFUL