The firewall forwards unknown samples, as well as blocked
files that match antivirus signatures, for WildFire analysis based
on the configured WildFire Analysis profile settings (). In addition
to detecting links included in emails, files that are attached to
emails, and browser-based file downloads, the firewall leverages
the App-ID to detect file transfers within applications. For samples
that the firewall detects, the firewall analyzes the structure and
content of the sample and compares it against existing signatures.
If the sample matches a signature, the firewall applies the default
action defined for the signature (allow, alert, or block). If the
sample matches an antivirus signature or if the sample remains unknown
after comparing it against WildFire signatures, the firewall forwards
it for WildFire analysis.
By default, the firewall also forwards information about the
session in which an unknown sample was detected. To manage the session
information that the firewall forwards, select and
edit Session Information Settings.