The firewall forwards unknown samples, as well as blocked files
that match antivirus signatures, for Advanced WildFire analysis
based on the configured WildFire Analysis profile settings (). In addition
to detecting links included in emails, files that are attached to
emails, and browser-based file downloads, the firewall leverages
the App-ID to detect file transfers within applications. For samples
that the firewall detects, the firewall analyzes the structure and
content of the sample and compares it against existing signatures.
If the sample matches a signature, the firewall applies the default
action defined for the signature (allow, alert, or block). If the
sample matches an antivirus signature or if the sample remains unknown
after comparing it against Advanced WildFire signatures, the firewall
forwards it for Advanced WildFire analysis.
By default, the firewall also forwards information about the
session in which an unknown sample was detected. To manage the session
information that the firewall forwards, select and
edit Session Information Settings.