How to Test WildFire with a Fake Malicious File

65839
Created On 09/26/18 13:47 PM - Last Modified 09/25/23 16:35 PM


Resolution


Details

During the deployment of WildFire or a WF-500, customers may want to test the download of malicious files. Since WildFire does not forward files that are already known or that are signed by a trusted file signer, Palo Alto Networks provides a mechanism to easily test this setup.

 

Palo Alto Networks randomly generates a test file and provides it at the following URL:

http://wildfire.paloaltonetworks.com/publicapi/test/pe

 

This test file is strictly for testing file forwarding to the WildFire Cloud (public and private WF-500). Note that no signature is created for these test PE files, so the test file will never be blocked as virus or wildfire-virus, even if an Antivirus Profile is configured for the policy.

 

owner: mdjeric



Additional Information


Test files are also available for file types other than PE. Please refer to the WildFire Administrator's Guide for more details.
https://docs.paloaltonetworks.com/wildfire/10-1/wildfire-admin/submit-files-for-wildfire-analysis/verify-wildfire-submissions/test-a-sample-malware-file.html

NOTE: Make sure DSRI (Disable Server Response Inspection) is not checked on the Security Policy rule when testing malware samples from our test malware site.
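
A client-side check for the test described above, as an added example that is not part of the original article and is not Palo Alto Networks code: it downloads two test files, confirms each one arrived as a PE, and prints each SHA-256 so the samples can be identified when verifying the submission. The function names and the `--fetch` flag are hypothetical, and it assumes `curl`, `od` and `sha256sum` are installed on the client.

```bash
#!/usr/bin/env bash
# Added example. Run from a client whose traffic matches the Security Policy
# rule under test. Function names and --fetch are hypothetical.
TEST_URL="http://wildfire.paloaltonetworks.com/publicapi/test/pe"  # URL from the article

# is_pe FILE: succeed if FILE starts with "MZ" and its e_lfanew field
# (4 bytes, little-endian, at offset 0x3c) points at the "PE\0\0" signature.
is_pe() {
    local f=$1 magic off sig
    magic=$(head -c 2 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4d5a" ] || return 1
    set -- $(od -An -tu1 -j 60 -N 4 "$f" 2>/dev/null)
    [ $# -eq 4 ] || return 1          # file too short to hold e_lfanew
    off=$(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
    sig=$(od -An -tx1 -j "$off" -N 4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$sig" = "50450000" ]
}

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# check_samples A B: both files must be PE files and must differ from each
# other, because the test file is randomly generated for each download.
check_samples() {
    local h1 h2
    is_pe "$1" || { echo "$1: not a PE file" >&2; return 1; }
    is_pe "$2" || { echo "$2: not a PE file" >&2; return 1; }
    h1=$(sha256_of "$1"); h2=$(sha256_of "$2")
    echo "sample 1 sha256: $h1"
    echo "sample 2 sha256: $h2"
    [ "$h1" != "$h2" ] || { echo "identical samples: cached copy?" >&2; return 1; }
}

# Only touch the network when asked to: ./wf-test.sh --fetch
if [ "${1:-}" = "--fetch" ]; then
    dir=$(mktemp -d)
    curl -fsS -o "$dir/s1.exe" "$TEST_URL" && curl -fsS -o "$dir/s2.exe" "$TEST_URL" \
        || { echo "download failed" >&2; exit 1; }
    check_samples "$dir/s1.exe" "$dir/s2.exe"
fi
```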
 


