WildFire Signatures

WildFire can discover zero-day malware in web traffic
(HTTP/HTTPS), email protocols (SMTP, IMAP, and POP), and FTP traffic
and can quickly generate signatures to identify and protect against
future infections from the malware it discovers. WildFire automatically
generates a signature based on the malware payload of the sample
and tests it for accuracy and safety.

Each WildFire cloud—global, regional, and private—analyzes samples
and generates malware signatures independently of the other WildFire
clouds. With the exception of WildFire private cloud signatures,
WildFire signatures are shared globally, enabling WildFire users
worldwide to benefit from malware coverage regardless of the location
in which the malware was first detected. Because malware evolves
rapidly, the signatures that WildFire generates address multiple
variants of the malware.

Firewalls with an active WildFire license can retrieve the latest
WildFire signatures in real time, as soon as they become available.
If you do not have a WildFire subscription, signatures are made
available within 24-48 hours as part of the antivirus update for
firewalls with an active Threat Prevention license.

As soon as the firewall downloads and installs the new signature,
the firewall can block the files that contain that malware (or a
variant of the malware). Malware signatures do not detect malicious
and phishing links; to enforce policy on these links, you must have a
PAN-DB URL Filtering license. You can then block user access to
malicious and phishing sites.