Hold mode enables you to hold file a sample transfer while the NGFW queries the real-time signature cloud to perform a signature lookup.
Where Can I Use
What Do I Need?
Advanced WildFire License
You can configure the NGFW to hold the transfer of a sample while the real-time
signature cloud performs a signature lookup. When the lookup is completed, the file
is released to the requesting client (or blocked), based on your organization's
security policy for specific WildFire verdicts, preventing the initial transfer of
known malware. You can configure hold mode on a per antivirus profile basis and
apply a global setting for the signature lookup timeout and the associated action.
This feature is available to all users with an active WildFire or Advanced WildFire
license running PAN-OS 11.0 or later.
To enable hold mode for WildFire real-time signature lookups, you must have either a WildFire or Advanced WildFire subscription service license. Make sure to activate the license on the NGFW if you have not done so already. To verify subscriptions for which you have currently-active licenses, select
and verify that the appropriate licenses display and are not expired. The example below shows the description for the standard WildFire license.