WildFire delivers verdicts to identify samples it analyzes as safe, malicious, or unwanted (grayware is considered obtrusive but not malicious):
- Unknown—Initial verdict for a sample that WildFire has received but has not yet analyzed.
- Benign—The sample is safe and does not exhibit malicious behavior.
- Malware—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros. For files identified as malware, WildFire generates and distributes a signature to protect against future exposure to the threat.
- Grayware—The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs).
- No Connection—Verdict assigned to a sample when WildFire cannot be reached.
When WildFire is not available or integration is disabled, Traps can also assign a local verdict for the sample using additional methods of evaluation. When Traps performs local analysis on a file, it uses machine learning to determine the verdict. Traps can also compare the signer of a file with a local list of trusted signers to determine whether a file is malicious:
- Local analysis verdicts:
  - Benign—Local analysis determined the sample is safe and does not exhibit malicious behavior.
  - Malware—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, botnets, and malicious macros.
- Trusted signer verdicts:
  - Trusted—The sample is signed by a trusted signer.
  - Not Trusted—The sample is not signed by a trusted signer.