File Handling and Analysis in Advanced WildFire
How to Manage WildFire
Advanced WildFire is a cloud-delivered malware analysis service that uses a tiered approach to file inspection. This design prioritizes both strong security controls and optimal performance, especially in terms of latency.

File Size Thresholds and Reputation Checks

WildFire can also scan documents via the Prisma Access Browser Extension (PABX).
Advanced WildFire evaluates all submitted files against a maximum size threshold of 300 MB:
  • Files over 300 MB
    • These files bypass reputation-based scanning and never enter the WildFire knowledge base.
    • The system applies the fallback policy rule configured by the administrator, which determines whether to allow (permissive) or block (protective) the file.
  • Files 300 MB or smaller
    • WildFire checks the file's hash against the reputation database.
      • If the reputation database indicates that the file is benign, then the system allows it.
      • If the reputation database indicates that the file is malicious, then the system blocks it.
    • For files 20 MB or smaller, the browser waits for a Static Analysis verdict before proceeding. This step mitigates security risks while minimizing end-user latency.
    • For unknown files between 20 MB and 300 MB, the system defers to the administrator's fallback policy rule to determine access, as waiting for analysis results could degrade performance.

Dynamic Analysis of Unknown Files

The system submits all unknown files under 300 MB to Dynamic Analysis, which executes the files in a controlled environment to detect advanced threats. Although this enhances the accuracy of the WildFire reputation database, Dynamic Analysis currently does not support file quarantine, a capability planned for a future release.
By integrating multiple analysis layers, Advanced WildFire enables organizations to maintain robust security while minimizing disruption to end users.

Password-Protected File Handling

Advanced WildFire attempts to scan password-protected files using a brute-force unlocking mechanism, subject to format compatibility and defined limitations.

Supported File Types for Brute-Force Unlocking

The brute-force process supports the following password-protected formats:
  • .rar archive files
  • .pdf document files
  • Microsoft Office files (2007 or later), including
    • .docx
    • .xlsx
    • .pptx
Under all circumstances, the system blocks scanning of password-protected files in any other format.

Brute-Force Failure Handling

If the brute-force attempt fails to unlock the file:
  • The file won't be scanned.
  • The returned scan verdict will be "Unknown".
    • This "Unknown" status is currently treated as benign, allowing the file to pass without further inspection.

Administrator-Defined Fallbacks

You can set your own fallback policy rule when one of the following events occurs:
  • File size exceeded
  • Connection error or service unavailable
  • Unsupported file type
In all of these cases, you can decide whether to treat the file as Benign and allow it, or as Malicious and block it.
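
The size tiers, reputation check, brute-force failure handling and fallback events described above can be modelled as one decision function. The following Python model is an added example, not code from the product: the function names, the sample files, the 2^20-byte MB, the order of checks where the page is silent, and the rule that a malicious static verdict blocks are all assumptions.

```python
from enum import Enum

MB = 1024 * 1024  # assumption: the page does not say whether MB means 10^6 or 2^20 bytes
MAX_SCAN, STATIC_WAIT = 300 * MB, 20 * MB  # thresholds stated on the page

class Fallback(Enum):
    PERMISSIVE = "allow"
    PROTECTIVE = "block"

def decide(size, reputation, fallback, *, static_verdict=None,
           service_up=True, type_supported=True, unlock_failed=False):
    """Return (action, deciding_tier) for one file.

    reputation and static_verdict are "benign", "malicious" or None (unknown).
    """
    # The three administrator-defined fallback events.
    if size > MAX_SCAN:
        return fallback.value, "fallback: file size exceeded"
    if not service_up:
        return fallback.value, "fallback: service unavailable"
    if not type_supported:
        return fallback.value, "fallback: unsupported file type"
    # Hash lookup in the reputation database.
    if reputation == "benign":
        return "allow", "reputation"
    if reputation == "malicious":
        return "block", "reputation"
    # Unknown file above 20 MB: no waiting for analysis, fallback decides.
    if size > STATIC_WAIT:
        return fallback.value, "fallback: unknown file over 20 MB"
    # Failed brute-force unlock: verdict "Unknown", currently treated as benign.
    if unlock_failed:
        return "allow", "unknown verdict, not scanned"
    # Assumption: a malicious static verdict blocks, any other verdict allows.
    return ("block" if static_verdict == "malicious" else "allow"), "static analysis"

def uninspected_allows(cases, fallback):
    """Names of cases allowed without a reputation or static-analysis verdict."""
    inspected = ("reputation", "static analysis")
    return [name for name, kw in cases
            if (r := decide(fallback=fallback, **kw))[0] == "allow" and r[1] not in inspected]

# Constructed sample files, not real telemetry.
CASES = [
    ("installer-450MB", dict(size=450 * MB, reputation=None)),
    ("known-bad-5MB", dict(size=5 * MB, reputation="malicious")),
    ("new-doc-2MB", dict(size=2 * MB, reputation=None, static_verdict="benign")),
    ("new-iso-120MB", dict(size=120 * MB, reputation=None)),
    ("locked-pdf-1MB", dict(size=1 * MB, reputation=None, unlock_failed=True)),
]
```

With these cases, a protective fallback still leaves `locked-pdf-1MB` allowed, because a failed unlock returns "Unknown" rather than triggering one of the fallback events.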

Supported File Types

Extension      File Type                         Extension  File Type
.7z            7zip Archive                      .pptx      Microsoft PowerPoint Document
.swf           Adobe Flash File                  .slk       Microsoft Symbolic Link
.apk           Android APK                       .iqy       Microsoft Web query
.dex           Android DEX                       .bat
                                                 .doc       Microsoft Word 97-2003 Document
.bz            bzip2 archive                     .docx      Microsoft Word Document
.csv           comma separated values            .ods       OpenDocument Spreadsheet Document
.dll           DLL/DLL64                         .odf       OpenDocument Text Document
.elf           ELF                               .pdf       Portable Document Format
.gz            Gzip archive                      .exe       PE/PE64
.hta           HTML application                  .pl        Perl script
.iso           ISO                               .png       Portable Network Graphics
.class         JAVA class                        .ps1       PowerShell
.jar           JAVA jar                          .py        Python Script
.js/.jse/.wsf  JavaScript/Script                 .rar       RAR Archive
.jpg           Joint Photographic Experts Group  .rtf       Rich Text Format
.elink         Link                              .sh        Shell Script
.macho         Mach-o                            .tar       TAR Archive
.pkg           macOS App Installer               .vbs/.vbe  VBScript
.zbundle       macOS App Bundle in ZIP Archive   .msi       Windows Installer Package
.fat           macOS Universal Binary File       .lnk       Windows Link File
.dmg           macOS Disk Image                  .wsf       Windows Script
.xls           Microsoft Excel 97-2003           .zip       ZIP Archive
.xlsx          Microsoft Excel                   .asp       Active Server Pages
.one           Microsoft One Note Document       .aspx      Active Server Pages Extended
.ppt           Microsoft PowerPoint 97-2003      .xml       Extensible Markup Language
.html          HyperText Markup Language

Nested Archives are supported in zip, rar, 7z, bzip2, iso, gz, tar, vhd, docx, pptx, xlsx, jar.