A Palo Alto Networks firewall configured with a WildFire
analysis profile forwards samples for WildFire analysis based on
file type (including email links). Additionally, the firewall decodes
files that have been encoded or compressed up to four times (such
as files in ZIP format); if the decoded file matches WildFire Analysis
profile criteria, the firewall forwards the decoded file for WildFire analysis.
While the firewall can forward all the file
types listed below, WildFire analysis support can vary depending
on the WildFire cloud to which you are submitted samples. Review WildFire
File Type Support to learn more.
File Types Supported
for WildFire Forwarding
Description
apk
Android Application Package (APK) files.
APK files are not supported for WildFire private cloud analysis
using a WildFire appliance.
flash
Adobe Flash applets and Flash content embedded
in web pages.
jar
Java applets (JAR/class files types).
ms-office
Microsoft Office files, including documents
(DOC, DOCX, RTF), workbooks (XLS, XLSX), and PowerPoint (PPT, PPTX) presentations,
and Office Open XML (OOXML) 2007+ documents.
pe
Portable Executable (PE) files. PEs include
executable files, object code, DLLs, and FON (fonts). A subscription
is not required to forward PE files for WildFire analysis, but is
required for all other supported file types.
pdf
Portable Document Format (PDF) files.
MacOSX
Mach-O, DMG, and PKG files are supported
with content version 599. You can also manually or programmatically
submit all Mac OS X supported file types for analysis (including
application bundles, for which the firewall does not support automatic
forwarding).
email-link
HTTP/HTTPS links contained
in SMTP and POP3 email messages. See Email
Link Analysis.
archive
Roshal Archive (RAR) and 7-Zip
(7z) archive files. Password-protected and Multi-volume archives
are that are split into several smaller files cannot be submitted
for analysis.
