alert indicates that a file has been identified as malware.


10 minutes
5 successful Pathfinder scans of the entire network
Traffic logs or Cortex XDR agent endpoint data
Varies by activity (High, Medium, or Low).


A file has been identified by Palo Alto Networks WildFire as malware.
Malware is detected by Cortex XDR agents installed on endpoints, or by Pathfinder analyzing network traffic.
If the Cortex XDR agent is not installed, one of several symptoms caused Pathfinder to scan an endpoint for malicious software. Anomalous network activity might have caused Pathfinder to automatically scan the endpoint. Other symptoms, such as threat intelligence received by your network security team, might have caused a member of your team to run a manual scan of the endpoint. As a result of the scan, Pathfinder discovered a suspicious file. Consequently, Pathfinder sent either the file or a file signature to Palo Alto Networks WildFire for analysis. WildFire has responded that the file is malware.
If a Cortex XDR agent is installed on endpoints, activity logged by the agent has been identified by Cortex XDR Analytics as possibly generated by malware and can be verified in WildFire.
Pathfinder will not send the file to WildFire for analysis if you disabled in the Pathfinder configuration page.
If the malware is already known to WildFire, the malware name is identified in the alert. See the Malware detection bullet under Alert Description for this information. If the malware was not previously known to WildFire, WildFire uses to indicate that it identified the file as malware by exercising the file locally.

Attacker's Goals

Malware is malicious software used by attackers for a variety of purposes. It is often used for automated, broad, non-targeted attacks. It can also be controlled remotely, so that the attacker can use it to further their goals in any stage of the attack lifecycle.

Investigative Actions

  • Read through the WildFire report to discover details about the malware.
  • Use the endpoint profile to look for suspicious artifacts indicative of malware activity.
  • Investigate site traffic generated by the detected malware with Cortex XDR.
  • In the page, look for other endpoints that are showing this alert, and investigate them as well for a possible malware infection.
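The last investigative action, finding every other endpoint that reports the same file, is a correlation task that is easy to get wrong by hand across many alerts. The script below is an added example, not Cortex XDR, Pathfinder or WildFire code: it takes exported alert records, keeps only those with a WildFire malware verdict, groups them by file hash, and lists the other endpoints that need the same investigation. The record shape (host, sha256, malware_name, verdict, source) is an assumption about the export, and the sample records are constructed with placeholder hashes rather than real indicators.

```python
"""Triage helper for the Malware alert: find every other endpoint reporting the
same file so that all of them can be investigated together.

Added example, not Cortex XDR or Pathfinder code. The record fields are an
assumed export shape; the sample data is constructed (hashes are placeholders,
not real IoCs)."""
import json
from collections import defaultdict

# Constructed sample export; field names are assumed, hashes are placeholders.
SAMPLE_EXPORT = json.dumps([
    {"host": "ws-012", "sha256": "a" * 64, "malware_name": "Sample.Trojan.Gen",
     "verdict": "malware", "source": "xdr_agent"},
    {"host": "ws-017", "sha256": "a" * 64, "malware_name": "Sample.Trojan.Gen",
     "verdict": "malware", "source": "pathfinder"},
    {"host": "srv-03", "sha256": "b" * 64, "malware_name": None,
     "verdict": "malware", "source": "pathfinder"},
    {"host": "ws-012", "sha256": "c" * 64, "malware_name": "Sample.Adware",
     "verdict": "grayware", "source": "xdr_agent"},
    {"host": "ws-021", "sha256": "a" * 64, "malware_name": "Sample.Trojan.Gen",
     "verdict": "malware", "source": "xdr_agent"},
])


def load_malware_alerts(raw_json):
    """Parse the export and keep only records WildFire classified as malware."""
    records = json.loads(raw_json)
    return [r for r in records if r.get("verdict") == "malware"]


def endpoints_by_file(alerts):
    """Map each file hash to the sorted list of distinct endpoints reporting it."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a["sha256"]].add(a["host"])
    return {h: sorted(v) for h, v in hosts.items()}


def related_endpoints(alerts, sha256, exclude_host=None):
    """Other endpoints that show the same file: the set to investigate as well."""
    hosts = endpoints_by_file(alerts).get(sha256, [])
    return [h for h in hosts if h != exclude_host]


def summarize(alerts):
    """One row per malicious file: the malware name (or 'unknown' when WildFire
    had not seen the file before), the endpoints affected, and which detection
    path (agent or Pathfinder) produced the alert."""
    by_hash = defaultdict(list)
    for a in alerts:
        by_hash[a["sha256"]].append(a)
    rows = []
    for sha, recs in sorted(by_hash.items()):
        names = {r["malware_name"] for r in recs if r.get("malware_name")}
        rows.append({
            "sha256": sha,
            "malware_name": (", ".join(sorted(names)) if names
                             else "unknown (not previously seen by WildFire)"),
            "endpoints": sorted({r["host"] for r in recs}),
            "sources": sorted({r["source"] for r in recs}),
        })
    return rows


if __name__ == "__main__":
    alerts = load_malware_alerts(SAMPLE_EXPORT)
    for row in summarize(alerts):
        print(f"{row['sha256'][:12]}...  {row['malware_name']:<45} "
              f"endpoints={row['endpoints']} sources={row['sources']}")
    # Starting from the alert on ws-012, which other hosts need the same look?
    print("also investigate:",
          related_endpoints(alerts, "a" * 64, exclude_host="ws-012"))
```

Grouping on the file hash rather than the malware name matters for the case the description singles out: a file WildFire had not seen before carries no name, so name-based grouping would silently drop it, while the hash still ties every endpoint reporting that file together.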
