Showing results for 
Search instead for 
Did you mean: 

Who rated this post

TL;DR  the WildFire profile only acts as a detector, it intercepts files and sends them to the cloud for analysis, any file received that passes a wildfire profile will have a report with it's threat level (benign, grey-, malware)


Enforcement happens through the AV profile: when files are scanned and detected to be malware, a signature is created that is sent via wildfire updates (and aggregated once every 24 hours into an AV content update). malware files can only be blocked if a signature exists in the AV engine to block it


if a 0day is received, the file is forwarded to wildfire and a minute (or longer) later, a signature is created to block it. That signature will immediately be available for download through wildfire dynamic updates, and later that day in the daily AV wrapup, so depending on your subscription you can have a signature in minutes, or within 24 hours. the original file, however, was already passed the firewall as at the time of receiving it, a signature was not available on your system to block it (via the AV profile)



hope this helps


Tom Piens
PANgurus - (co)managed services and consultancy
Who rated this post