The Malware alert indicates that a file has been identified as malware.
A file has been identified by Palo Alto Networks WildFire as malware.
Malware is detected by Cortex XDR agents installed on endpoints, or by Pathfinder analyzing network traffic.
If the Cortex XDR agent is not installed, one of several symptoms caused Pathfinder to scan an endpoint for malicious software. Anomalous network activity might have caused Pathfinder to automatically scan the endpoint. Other symptoms such as threat intelligence received by your network security team might have caused some member of your team to run a manual scan of the endpoint. As a result of the scan, Pathfinder discovered a suspicious file. Consequently, Pathfinder sent either the file or a file signature to Palo Alto Networks WildFire for analysis. WildFire has responded that the file is malware.
If a Cortex XDR agent is installed on endpoints, activity logged by the agent has been identified by Cortex XDR Analytics as possibly generated by malware and can be verified in WildFire.
Pathfinder will not send the file to WildFire for analysis if you disabled in the Pathfinder configuration page
If the malware is already known to WildFire, the malware name is identified in the alert. See the Malware detection bullet under Alert Description for this information. If the malware was not previously known to WildFire, WildFire uses Sandbox to indicate that it identified the file as malware by exercising the file locally.
Malware is malicious software used by attackers for a variety of purposes. It is often used for automated, broad, non-targeted attacks. It can also be controlled remotely so that the attacker can use it to advance their goals in any stage of the attack lifecycle.
- Read through the WildFire report to discover details about the malware.
- Use the endpoint profile to look for suspicious artifacts indicative of malware activity.
- Investigate site traffic generated by the detected malware with Cortex XDR.
- In the Triage page, look for other endpoints that are showing this alert, and investigate them as well for a possible malware infection.
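The triage steps above can be partly scripted: group Malware alerts by file hash to find the other endpoints carrying the same file, and separate files WildFire convicted by a known malware name from those marked Sandbox, which have no prior name and need a closer read of the WildFire report. This is an added example, not Palo Alto Networks code; the alert records are constructed, and the field names (endpoint, sha256, malware_detection, source) are assumptions rather than the Cortex XDR schema.

```python
"""Triage helper for Malware alerts (added example, not Cortex XDR code)."""
from collections import defaultdict

# Constructed sample alerts. "malware_detection" carries either the WildFire
# malware name (known malware) or "Sandbox" (previously unknown file that
# WildFire convicted by running it). Field names are assumptions.
ALERTS = [
    {"endpoint": "host-01", "sha256": "a" * 64, "malware_detection": "Sandbox", "source": "XDR Agent"},
    {"endpoint": "host-02", "sha256": "a" * 64, "malware_detection": "Sandbox", "source": "Pathfinder"},
    {"endpoint": "host-03", "sha256": "b" * 64, "malware_detection": "Trojan.Example", "source": "XDR Agent"},
    {"endpoint": "host-01", "sha256": "b" * 64, "malware_detection": "Trojan.Example", "source": "XDR Agent"},
    {"endpoint": "host-04", "sha256": "c" * 64, "malware_detection": "Worm.Example", "source": "Pathfinder"},
]


def group_by_file(alerts):
    """Map each file hash to the sorted list of endpoints that raised the alert."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a["sha256"]].add(a["endpoint"])
    return {h: sorted(e) for h, e in hosts.items()}


def spread_files(alerts, min_endpoints=2):
    """Hashes seen on at least min_endpoints endpoints: candidates for a wider infection."""
    return sorted(h for h, e in group_by_file(alerts).items() if len(e) >= min_endpoints)


def novel_files(alerts):
    """Hashes convicted by sandboxing rather than by a known malware name."""
    return sorted({a["sha256"] for a in alerts if a["malware_detection"] == "Sandbox"})


def triage_summary(alerts):
    """One tuple per hash: (hash, detection label, endpoint count, detection sources)."""
    by_hash = group_by_file(alerts)
    labels = {a["sha256"]: a["malware_detection"] for a in alerts}
    sources = defaultdict(set)
    for a in alerts:
        sources[a["sha256"]].add(a["source"])
    return [(h, labels[h], len(by_hash[h]), sorted(sources[h])) for h in sorted(by_hash)]


if __name__ == "__main__":
    for row in triage_summary(ALERTS):
        print(row)
    print("spread across endpoints:", spread_files(ALERTS))
    print("sandbox-only verdicts:", novel_files(ALERTS))
```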