
TL;DR: the WildFire profile only acts as a detector. It intercepts files and sends them to the cloud for analysis. Any file received that passes a WildFire profile will have a report with its threat level (benign, grey-, malware).

Enforcement happens through the AV profile: when files are scanned and detected to be malware, a signature is created that is sent via WildFire updates (and aggregated once every 24 hours into an AV content update). Malware files can only be blocked if a signature exists in the AV engine to block them.

If a 0day is received, the file is forwarded to WildFire and a minute (or longer) later, a signature is created to block it. That signature will immediately be available for download through WildFire dynamic updates, and later that day in the daily AV wrap-up, so depending on your subscription you can have a signature in minutes, or within 24 hours. The original file, however, has already passed the firewall, as at the time of receiving it a signature was not available on your system to block it (via the AV profile).

Hope this helps

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization