Advanced WildFire Content-Based Script File Identification

Advanced WildFire uses ML to classify extensionless scripts, improving detection of evasion techniques and analyzing potential threats for enhanced security.
The Advanced WildFire cloud can now use ML techniques to automatically classify script submissions that either lack extensions or have incorrect extensions as a 'potential-script' before they undergo WildFire analysis for malicious content. When a file is identified as a potential script, it is sent to the cloud-based Advanced WildFire malware detection service for further analysis and processing. This capability enables detection of certain evasion techniques in which attackers manipulate file extensions to circumvent security measures that rely on known file types. You can use it to improve your security against malware that exploits file type mismatches, such as the AsyncRAT Trojan. The feature supports identification of various script types, including JavaScript, PowerShell, VBScript, shell scripts, Python, and more, prioritized based on malware volume and customer escalations. The analysis results and verdicts are available for review in Strata Cloud Manager, locally on the firewall, and via the APIs. Submissions that are not identified as a known script are analyzed as text files.
This is enabled through the WildFire Analysis Profile in the form of a new forwarding file type: . When the file type is forwarded to a WildFire cloud option (WildFire appliance and the WildFire global cloud), the contents of files with missing or incorrect extensions that pass through your firewall are analyzed locally before the WildFire cloud evaluates them as the identified script type. You can also submit files through the WildFire API. The feature logs its actions, allowing you to monitor its performance and any potential threats it identifies.