Advanced WildFire Support for CMD Files

The Advanced WildFire cloud now supports forwarding, analysis, and prevention of threats contained in CMD (batch script) files.
To enable forwarding of cmd files (forwarded as a script filetype) from the NGFW, be sure to download and install the latest PAN-OS content release. PAN-OS Applications and Threats content release allows NGFWs operating PAN-OS to forward cmd files to the Advanced WildFire cloud for analysis. For more information about the update, refer to the Applications and Threat Content Release Notes.
To download the release notes, log in to the Palo Alto Networks Support Portal, click Updates > Dynamic Updates and select the release notes listed under Apps + Threats.
Palo Alto Networks® Advanced WildFire® now supports forwarding, analysis, and prevention of threats contained in batch script files (CMD). CMD files are Windows batch scripts that can be used to execute malicious commands and are frequently leveraged in attack chains. Because batch scripts can execute arbitrary system commands, any malicious contents that can be delivered using those vectors are analyzed by the Advanced WildFire cloud for threats.
When a malicious file is discovered, the Advanced WildFire cloud generates and distributes protections to prevent future successful attacks. To ensure that you are protected from the latest threats, always download and install the latest content and software updates from Palo Alto Networks.
To forward CMD files for analysis, the WildFire Analysis Profile must be configured to forward the . You can also select Any to forward all supported unknown files to the Advanced WildFire cloud for analysis.