WildFire Appliance Archive Support
The WildFire appliance running PAN-OS 9.0 or later can now analyze and classify RAR and 7-Zip archives, which can be used by an adversary to covertly deliver malicious payloads to users.
The WildFire appliance can now analyze and classify archive (RAR and 7-Zip) files with malicious, benign, or grayware verdicts. Previously this feature was only present in the WildFire cloud. This analysis capability has now been expanded to include WildFire appliances running PAN-OS 9.0 and later.
- When any file contained within an archive is determined to be malicious, the archive file is considered malicious by WildFire.
- Archive files that are multi-part or password protected cannot be analyzed.
The WildFire appliance is capable of analyzing the following archive file types:
- RAR—Supports Roshal Archive (.rar) files.
- 7-Zip—Supports (.7z) files.
To forward archive files for analysis, the WildFire Analysis Profile on the firewall must be configured to forward the archive file type or Any unknown files to the WildFire private cloud.
- Enable file type forwarding.
  - Select Objects > Security Profiles > WildFire Analysis and Add or modify a profile to define traffic to forward for WildFire analysis.
  - Add or modify a profile rule, select file type, and set the rule to forward the new Any file type. You can also specify the archive file type if you want to forward only archives.
    Profile rules with the file type set to Any forward all file types for WildFire analysis.
  - Select Destination and set the profile rule to forward the files to the private-cloud.
  - Click OK to save the new or modified WildFire Analysis profile.
- Attach the WildFire Analysis profile to a security policy rule—traffic matched to the policy rule is forwarded for WildFire Analysis.
  - Select Policies > Security and Add or modify a security policy rule.
  - Select Actions and set the Profile Type to Profiles.
  - Select the newly-created WildFire Analysis profile.
  - Click OK to save the security policy rule.
- Select Monitor > WildFire Submissions to find WildFire verdicts and analysis reports for archive files that have been submitted by the firewall.