Palo Alto Networks Knowledgebase: How to Enable WildFire protection with signature sourcing from WildFire samples with malicious verdict

How to Enable WildFire protection with signature sourcing from WildFire samples with malicious verdict

11532
Created On 07/16/19 07:36 AM - Last Updated 07/23/19 08:52 AM
WildFire
Resolution

Overview

This document describes how to configure WildFire protection signature sourcing from WildFire samples with malicious verdict.

 

Requirements:

Steps

  1. From the WebGUI, go to Objects > Security Profiles > Antivirus
  2. Choose the appropriate profile (existing or new). Note: The "default' profile cannot be used for WildFire blocking
  3. For each appropriate protocol, modify the action to "reset-both". Then, click OK. Note: The protocol limitation of POP3/IMAP is not appropriate to set to reset-both/drop action. 
  4. Go to Policies > Security. Select the appropriate security rule (edit existing or create new), then apply Antivirus profile from Step 2 (Go to the Actions tab and look for Profile Setting).
  5. Commit

 

Additional Notes

  • WildFire is not meant to be a complete replacement of Endpoint Antivirus, rather a compliment function for day-1 malicious files.
  • Palo Alto Networks WildFire and Antivirus Protection Signature may encounter certain possible false positive due to its architecture and design nature. 
  • There will be NO signature generated for WildFire test file, hence WildFire test file will NEVER be blocked, for more information please refer to this article

See Also

owner: spiromruen



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldGCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language