When WildFire analyzes a previously unknown sample in
one of the Palo Alto Networks-hosted WildFire public clouds or a
locally-hosted WildFire private cloud, a verdict is produced to
identify samples as malicious, unwanted (grayware is considered
obtrusive but not malicious), phishing, or benign:
Benign—The sample is safe and does not exhibit
Grayware—The sample does not pose a direct security
threat, but might display otherwise obtrusive behavior. Grayware
typically includes adware, spyware, and Browser Helper Objects (BHOs).
Phishing—The link directs users to a phishing site
and poses a security threat. Phishing sites are sites that attackers
disguise as legitimate websites with the aim of stealing user information,
especially corporate passwords that unlock access to your network.
The WildFire appliance does not support the phishing verdict and
continues to classify these types of links as malicious.
Malicious—The sample is malware and poses a security
threat. Malware can include viruses, worms, Trojans, Remote Access
Tools (RATs), rootkits, and botnets. For files identified as malware,
WildFire generates and distributes a signature to protect against
future exposure to the threat.
Each WildFire cloud—global (U.S.), regional, and private—analyzes
samples and generates WildFire verdicts independently of the other
WildFire clouds. With the exception of WildFire private cloud verdicts,
WildFire verdicts are shared globally, enabling WildFire users to
access a worldwide database of threat data.
Verdicts that you suspect are either false positives or
false negatives can be submitted to the Palo Alto Networks threat
team for additional analysis. You can also manually change verdicts
of samples submitted to WildFire appliances.