Shared Config Help Topics
    : WildFire and Antivirus
    Focus
    Focus
    1. Home
    2. Shared Config Help Topics
    3. WildFire and Antivirus

    Shared Config Help Topics

    WildFire and Antivirus

    Table of Contents

    WildFire and Antivirus

    The WildFire and Antivirus security profile protects against malware concealed in files, executables, and email links.
    Here you can:
    • Enable Prisma Access to forward files, executables, and email links to the WildFire cloud for analysis.
    • Specify enforcement actions for traffic that matches an Antivirus or WildFire signature.
    • Define settings for how WildFire works (examples include logging, what session data is sent to the WildFire cloud, and response pages)
    By default, Prisma Access sends files to the WildFire cloud hosted in the United States for analysis. Remote networks and mobile user deployments located in the United Kingdom and Canada are exceptions to this. In these two cases, Prisma Access Cloud Management automatically sends files to the WildFire United Kingdom and WildFire Canada clouds (respectively) to adhere to data sovereignty and residency laws and established data protection and privacy regulations.
    Scroll down to see how to enable a security profile, and check security profile usage. Or, learn more about built-in best practice rules for security profiles.

    Enable a security profile

    1. Use the profile’s dashboard to create and manage your profiles:
      • Review the best practice profiles.
      • Add a new profile.
      • Update existing profiles.
        Several profiles include inline access to resources you can use to inform your updates, including the latest threat content relesae updtes, the Threat Vault threat database, and PAN-DB, the URL Filtering cloud database.
      • Create and manage overrides—Overrides give you a way to specify that a profile treats certain traffic differently than it would by default.
    2. Add the profile to a profile group (go to Security ServicesProfile Groups).
      A profile group is a collection of profiles, and it can include one profile from each type.
    3. Reference the profile group in a security rule.
      A security profile is active only when it’s in a profile group, that’s attached to a security rule.

    Check profile usage

    On each profile’s dashboard, you can check to see the number of security rules using the profile:

    © 2024 Palo Alto Networks, Inc. All rights reserved.