WildFire reproduces a variety of analysis environments, including operating system, to identify malicious behaviors within samples. Depending on the characteristics and features of the sample, multiple analysis environments may be used to determine the nature of the file. WildFire uses static analysis with machine learning to initially determine if known and variants of known samples are malicious. Based on the initial verdict of the submission, WildFire sends the unknown samples to analysis environment(s) to inspect the file in greater detail by extracting additional information and indicators from dynamic analysis. During dynamic analysis, WildFire observes the file as it would behave when executed within client systems and looks for various signs of malicious activities, such as changes to browser security settings, injection of code into other processes, modification of files in operating system folders, or attempts by the sample to access malicious domains.
WildFire analyzes files using the following methods:
- Static Analysis—Detects known threats by analyzing the characteristics of samples prior to execution.
- Machine Learning—Identifies variants of known threats by comparing malware feature sets against a dynamically updated classification systems.
- Dynamic Analysis—A custom built, evasion resistant virtual environment in which previously unknown submissions are detonated to determine real-world effects and behavior.
- Bare Metal Analysis (WildFire Cloud analysis only)—A fully hardware-based analysis environment specifically designed for advanced VM-aware threats. Samples that display the characteristics of an advanced VM-aware threat are steered towards the bare metal appliance by the heuristic engine.
WildFire operates analysis environments that replicate the following operating systems:
- Microsoft Windows XP 32-bit
- Microsoft Windows 7 64-bit
- Microsoft Windows 7 32-bit (Supported as an option for WildFire appliance only)
- Microsoft Windows 10 64-bit (WildFire Cloud Analysis only)
- Mac OSX (WildFire Cloud Analysis only)
- Android (WildFire Cloud Analysis only)
- Linux (WildFire Cloud Analysis only)
The WildFire public cloud also analyzes files using multiple versions of software to accurately identify malware that target specific versions of client applications. The WildFire private cloud does not support multi-version analysis, and does not analyze application-specific files across multiple versions.
Get WildFire Information through the WildFire API
Get WildFire Information through the WildFire API The WildFire™ API lets you programmatically retrieve WildFire verdicts, samples, packet captures (PCAPs), and WildFire analysis reports. You ...
WildFire Concepts Samples Firewall Forwarding Session Information Sharing Analysis Environment Verdicts File Analysis Email Link Analysis Compressed and Encoded File Analysis WildFire Signatures ...
About WildFire The WildFire Analysis Environment identifies previously unknown malware and generates signatures that Palo Alto Networks firewalls can use to then detect and block ...
WildFire Features WildFire Phishing Verdict WildFire Analysis of Blocked Files Panorama Centralized Management for WildFire Appliances WildFire Appliance Clusters Preferred Analysis for Documents or Executables ...
Enable Basic WildFire Forwarding
Enable Basic WildFire Forwarding WildFire is a cloud-based virtual environment that analyzes and executes unknown samples (files and email links) and determines the samples to ...
WildFire Global Cloud
WildFire Global Cloud A Palo Alto Networks firewall with can forward unknown files and email links to the WildFire global cloud or to one of ...
WildFire Features PAN-OS 8.0.1 is the base image for WF-500 appliances (not PAN-OS 8.0.0). New WildFire Features Description WildFire Appliance Clusters In environments where you ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
Windows 10 Analysis Environment
Windows 10 Analysis Environment The WildFire public cloud can now analyze files using the Windows 10 VM, further increasing the threat prevention coverage capabilities of ...