WildFire Verdict

If an executable file is not signed by any Trusted Signers, the Traps agent performs a hash verdict lookup to determine if a verdict already exists in its local cache.
If the executable file has a malware verdict, Traps reports the security event to the Endpoint Security Manager and, depending on the configured behavior for malicious files, Traps then does one of the following:
  • Blocks the malicious executable file
  • Notifies the user about the file but still allows the file to execute
  • Logs the issue without notifying the user and allows the file to execute.
If the verdict for a hash indicates that the associated file is benign, Traps moves on to the next stage of evaluation (see Phase 2: Evaluation of the Restriction Policy).
If the hash does not exist in the local cache or has an unknown verdict, Traps performs Local Static Analysis.

Related Documentation