Multiple Download of a same Script File detected as Malware in ... - Knowledge Base - Palo Alto Networks

Multiple Download of a same Script File detected as Malware in Wildfire not getting Blocked by Wildfire/Antivirus Threat Prevention Signature

Created On 04/14/22 08:14 AM - Last Modified 06/08/23 08:47 AM


Symptom


The same malicious script file (VBA in this case) traverses the firewall multiple times throughout the day. Each time, WildFire detects the sample as malware, with action 'Allow' and severity 'High'. The file is not blocked by the WildFire/Antivirus Threat Prevention signatures even though the WildFire/Antivirus signatures are set to 'Block' in the security profile and the profile is attached to the security policy.



Resolution


This is working as expected:



Additional Information


Additionally, WildFire Inline ML supports blocking of PS and Shell scripts:

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/threat-prevention/wildfire-inline-ml


