Traps Endpoint Security Manager Administrator's Guide
    : Upload a File to WildFire for Analysis
    Focus
    Focus
    1. Home
    2. Traps
    3. Traps Endpoint Security Manager Administrator's Guide
    4. Malware Protection
    5. Manage Hashes for Files
    6. Upload a File to WildFire for Analysis

    Traps Endpoint Security Manager Administrator's Guide

    Upload a File to WildFire for Analysis

    Table of Contents

    Upload a File to WildFire for Analysis

    Before the integration of the Traps solution, WildFire typically only analyzed an executable file if it was sent through or uploaded from the firewall or if it was submitted using the WildFire portal. This meant that some executable files, while common, may not have been analyzed because it was not common to submit them using the traditional methods. To reduce the number of executable files that are unknown by the ESM Server and by WildFire, you can manually or automatically send unknown executable files to WildFire for immediate analysis. To automatically send unknown files to WildFire, see Set Up the ESM to Communicate with WildFire.
    If the option to automatically send unknown files is disabled, you can instead manually upload a file on a case-by-case basis. When a user opens an unknown executable file, Traps uploads the file to the forensic folder (so long as the file does not exceed the configured maximum size in Step 8 when you Set Up the ESM to Communicate with WildFire). Then, when you initiate a manual upload of the file, the ESM Server sends the file from the forensic folder to WildFire.
    After WildFire completes its analysis and returns the verdict and report, the ESM Server sends the changed verdict to all Traps agents and enforces the policy.
    As more agents enable automatic forwarding of unknown files or submit them manually, the total number of unknown files is expected to decrease dramatically for all users.
    1. From the ESM Console, select PoliciesMalwareHash Control.
    2. To view the WildFire verdict for a specific hash, do one of the following:
      • Use the search at the top of the page to search for a hash value or process name.
      • Use the paging controls on the top right of each page to view different portions of the table.
      • Filter the table entries by clicking the filter icon
        to the right of a column to specify up to two sets of criteria by which to filter the results. For example, filter the Verdict column for unknown files.
    3. Select the row to view additional details about the process hash and then Upload the file to WildFire.

    © 2024 Palo Alto Networks, Inc. All rights reserved.