Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About Retired Member
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Announcements
The LIVEcommunity is undergoing maintenance. You may experience delays. Learn more here.
- LIVEcommunity
- About mscox42
08-26-2019
1Post
0Likes
0Solutions
Aug 26, 2019Last Visited
User
Activity
User
Profile
Latest posts by mscox42
| Subject | Views | Posted |
|---|---|---|
| 1211 | 01-11-2013 06:47 AM | |
| 605 | 01-11-2013 06:12 AM |
User Badges
Community Statistics
| Member Since | 06-04-2010 07:27 AM |
| Date Last Visited | 08-26-2019 07:10 PM |
| Posts | 2 |
01-11-2013
06:47 AM
As I understand it, Wildfire won't help with the Java vuln per se, but it might help with the payloads delivered by the exploit. Wildfire only works on Windows executable files, correct? I think it may be pretty hard to sig to the generic vulnerability for this. Most sigs are geared towards formatting idiosyncrasies found within a given exploit kit or even something as simple as the class file names for a specific version of the exploit.
... View more
01-11-2013
06:12 AM
Ran a very quick and dirty test with Wildfire using a few malicious files I could find online. 2 out of 8 of these were judged "benign" by Wildfire (the 2 that were missed were very similar, so 1 out of 7 may be more accurate). Anyway, I know that nothing like this is going to be perfect, so I'm not complaining about the false negatives. Questions: 1) Is it useful to feed false negatives back to you? If you want the samples, what is the best way to share them? 2) Are executables signed by a trusted CA completely whitelisted, or is that just one element used to score the file? 3) Any plans to include analysis of other file types such as jar or pdf? Thanks in advance! Michael
... View more
- Tags:
- wildfire
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-26-2019
07:10 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
