Using the 'free' Wildfire service, does anyone know how long should I expect the delay to be before downloads marked as malware are blocked subsequently?
For example, today we had a download ("pdf_delta_ticket.scr" below) that was logged as upload-skip which to my knowledge means that it has been seen before by this device. As the last previous upload-success was ~6 days previously (and as it was a DLL it almost certainly wasn't the original download) this seems to suggest that the time taken is more than a few days (we download and install AV updates daily).
Whenever a new file is sent to wildfire it is analyzed for various malicious behaviors. You can login to your wildfire portal to check the status of your files i.e only if it is found to be malicious an av signature is created and released. So have you had a chance to look at your wildfire portal @ https://wildfire.paloaltonetworks.com/Wildfire .
Also refer the following documents:-
Yes - I've checked the portal and it is VERY malicious (turning off IE phishing protection, disabling the firewall etc)!
While I understand that some malware is polymorphic and will change it's binary fingerprint, the fact that this was a skipped upload means that it must have been seen before in it's current "guise" and I can only assume that it would have looked just as malicious previously (I can;t see why not).
As we haven't had a upload for 4 days (and the most likely EXE upload was at least 12 days ago) that seems to suggest that no AV signature has been released in the previous 2 weeks that should have triggered on the re-download (or the signature released failed to match it properly?).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!