Archive (RAR/7z) and ELF File Analysis
To use this feature, download and install the latest PAN-OS content release. PAN-OS Applications and Threats content release 745 enables you to specify file forwarding of archive (.rar and 7zip) and Linux (ELF) file types. For more information about the update, refer to the Applications and Threat Content Release Notes. To download the release notes, log in to the Palo Alto Networks Support Portal, click Dynamic Updates and select the release notes listed under Apps + Threats.
The WildFire public cloud can now analyze Linux (ELF) and archive (RAR and 7-Zip) files and classify them with a malicious, benign, or grayware verdict. As with all malicious samples, the WildFire public cloud generates and distributes a signature to firewalls to prevent future instances of the file from penetrating your network. Keep in mind that the WildFire appliance does not support ELF and archive file analysis.
Archive and ELF file types are sent in their entirety to the WildFire cloud when submitted for analysis, as they are not decoded by the firewall.
The following new file types are supported for WildFire public cloud analysis:
- Archive Files:
  - RAR—Supports Roshal Archive (.rar) files.
  - 7-Zip—Supports (.7z) files.
  - The archive file verdict is determined by the highest severity verdict of the archive contents.
  - Archive files that are multi-part or password protected cannot be analyzed.
- ELF—Supports Executable and Linkable Format (.elf) files.
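A local pre-submission check for the file types and archive limits listed above, as an added example (not Palo Alto Networks code and not how WildFire itself classifies files): it identifies RAR, 7-Zip and ELF samples by their leading signature bytes and, for RAR 4.x only, reads the main archive header flags for multi-volume and encrypted-header archives. The names `triage` and `make_rar4_sample` and the sample bytes are constructed for illustration.

```python
import struct

# Leading signature bytes of the file types named above.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"
ELF_MAGIC = b"\x7fELF"

# RAR 4.x main archive header flag bits.
MHD_VOLUME = 0x0001    # archive is one volume of a multi-part set
MHD_PASSWORD = 0x0080  # block headers are encrypted


def triage(data):
    """Return (file_type, notes) for a sample's raw bytes (hypothetical helper)."""
    notes = []
    if data.startswith(ELF_MAGIC):
        return "elf", notes
    if data.startswith(SEVENZ_MAGIC):
        return "7z", notes
    if data.startswith(RAR5_MAGIC):
        notes.append("rar5: flags not parsed by this check")
        return "rar", notes
    if data.startswith(RAR4_MAGIC):
        # Main header follows the marker: CRC(2) TYPE(1) FLAGS(2) SIZE(2).
        hdr = data[7:14]
        if len(hdr) == 7 and hdr[2] == 0x73:
            flags = struct.unpack_from("<H", hdr, 3)[0]
            if flags & MHD_VOLUME:
                notes.append("multi-part")
            if flags & MHD_PASSWORD:
                notes.append("encrypted headers")
        else:
            notes.append("rar4: main header not found")
        # Per-file passwords live in file headers, which are not walked here.
        return "rar", notes
    return "other", notes


def make_rar4_sample(flags):
    """Constructed RAR 4.x marker + 13-byte main header (CRC left as zero)."""
    return RAR4_MAGIC + struct.pack("<HBHH", 0, 0x73, flags, 13) + b"\x00" * 6


if __name__ == "__main__":
    for name, blob in [("plain.rar", make_rar4_sample(0)),
                       ("part1.rar", make_rar4_sample(MHD_VOLUME)),
                       ("locked.rar", make_rar4_sample(MHD_PASSWORD)),
                       ("tool.elf", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)]:
        print(name, *triage(blob))
```

An archive that comes back with a `multi-part` or `encrypted headers` note falls under the limitation above and needs a different handling path than WildFire submission.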