Verdicts
Advanced WildFire

Where Can I Use This?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series
  • CN-Series
What Do I Need?
  • Advanced WildFire License
    For Prisma Access, this is usually included with your Prisma Access license.
When Advanced WildFire analyzes a previously unknown sample in one of the Palo Alto Networks-hosted Advanced WildFire public clouds or a locally hosted WildFire private cloud, it produces a verdict that identifies the sample as malicious, unwanted (grayware is considered obtrusive but not malicious), phishing, or benign:
  • Benign—The sample is safe and does not exhibit malicious behavior.
  • Grayware—The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs).
  • Phishing—The link directs users to a phishing site and poses a security threat. Phishing sites are sites that attackers disguise as legitimate websites with the aim of stealing user information, especially corporate passwords that unlock access to your network. The WildFire appliance does not support the phishing verdict and continues to classify these types of links as malicious.
  • Malicious—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, and botnets. For files identified as malware, signatures are generated and distributed to protect against future exposure to the threat.
Each Advanced WildFire cloud—global (U.S.) and regional, and the WildFire private cloud—analyzes samples and generates WildFire verdicts independently of the other WildFire cloud options. With the exception of WildFire private cloud verdicts, verdicts are shared globally, enabling Advanced WildFire users to access a worldwide database of threat data.
Verdicts that you suspect are either false positives or false negatives can be submitted to the Palo Alto Networks threat team for additional analysis. You can also manually change verdicts of samples submitted to WildFire appliances.
