Upload a File to WildFire for Analysis
Before the integration of the Traps solution, WildFire typically only analyzed an executable file if it was sent through or uploaded from the firewall or if it was submitted using the WildFire portal. This meant that some executable files, while common, may not have been analyzed because it was not common to submit them using the traditional methods. To reduce the number of executable files that are unknown by the ESM Server and by WildFire, you can manually or automatically send unknown executable files to WildFire for immediate analysis. To automatically send unknown files to WildFire, see Set Up the ESM to Communicate with WildFire.
If the option to automatically send unknown files is disabled, you can instead manually upload a file on a case-by-case basis. When a user opens an unknown executable file, Traps uploads the file to the forensic folder (so long as the file does not exceed the configured maximum size in Step 8 when you Set Up the ESM to Communicate with WildFire). Then, when you initiate a manual upload of the file, the ESM Server sends the file from the forensic folder to WildFire.
After WildFire completes its analysis and returns the verdict and report, the ESM Server sends the changed verdict to all Traps agents and enforces the policy.
As more agents enable automatic forwarding of unknown files or submit them manually, the total number of unknown files is expected to decrease dramatically for all users.
- From the ESM Console, select PoliciesMalwareHash Control.
- To view the WildFire verdict for a specific hash, do
one of the following:
- Use the search at the top of the page to search for a hash value or process name.
- Use the paging controls on the top right of each page to view different portions of the table.
- Filter the table entries by clicking the filter icon to the right of a column to specify up to two sets of criteria by which to filter the results. For example, filter the Verdict column for unknown files.
- Select the row to view additional details about the process hash and then Upload the file to WildFire.
WildFire The Traps agent is designed to block attacks before any malicious code can run on the endpoint. While this approach ensures the safety of ...
Configure a WildFire Rule
Configure a WildFire Rule WildFire rules determine how Traps detects and responds to malware on your endpoints. You can create or edit WildFire rules on ...
Set Up the ESM to Communicate with WildFire
Set Up the ESM to Communicate with WildFire WildFire integration is enabled by default; however, you must set up the ESM to communicate with WildFire. ...
File Hash Search Conditions
File Hash Search Conditions Search fields at the top of the Hash Control page allow you to filter using one or more search conditions. For ...
Malware Protection Policy Best Practices
Malware Protection Policy Best Practices The key principle when defining a malware protection policy is to minimize the chance of infection from known and unknown ...
WildFire Integration WildFire is the Palo Alto Networks sandbox solution for analyzing unfamiliar files—including unknown executable files. WildFire issues verdicts for all scrutinized files: benign ...
Verdict Caches Traps stores hashes and the corresponding Verdicts for all executable files that open on the endpoint in its local cache . The local ...
Malware Protection Flow
Malware Protection Flow To protect the endpoint from malicious and unknown executable files, the malware prevention engine employs four methods of protection: Phase 1: Evaluation ...
Issues Addressed in Traps Endpoint Security Manager 4.2
List of addressed issues in the Traps Endpoint Security Manager 4.2. ...