Last Thursday one of our firewalls had 26 WildFire submissions that were determined to be malware - all coming in through email. That is probably a record; some days it is just a few. Note these were all PE files. Seeing as nobody should really be getting executables through email, I decided to block them, which means less work for me. However, I would also still like to send them off to WildFire if possible, so if they are bad it will help out all the other Palo users. I just posted a question in these forums on how to do that, if it is possible. It is really interesting to go to the VirusTotal link and see how many of the top AV products have detected what WildFire finds - it seems most of the AV products take a few days to detect something after WildFire has detected it for me. Not to mention I might then see 3 or 4 variants with the same file name but different MD5. It will be interesting once I add Office docs and PDF files into the mix - just testing them now. I would be curious how many people using WildFire detect malware-infected Office and PDF docs.