The Endpoint Security Manager (ESM) forwards unknown
samples for in-depth analysis to the WildFire. You can integrate
your ESM environment with either the WildFire public cloud or a
local WF-500 that acts as a local sandbox. The type of samples the
ESM submits and frequency at which the ESM communicates with WildFire
is determined by the WildFire settings and rules that you configure
Up the ESM to Communicate with WildFire and Configure
a WildFire Rule).
For samples that Traps reports, the agent first checks its local
cache of hashes to determine if it has an existing verdict for that
sample. If Traps does not have a local verdict, Traps queries the
ESM to determine if WildFire has previously analyzed the sample.
If the sample is identified as malware, it is blocked. If the sample
remains unknown after comparing it against existing WildFire signatures,
the ESM forwards the sample for WildFire analysis. For more information,