A Palo Alto Networks firewall configured with a WildFire
analysis profile forwards samples for WildFire analysis based on
file type (including email links). Additionally, the firewall decodes
files that have been encoded or compressed up to four times (such
as files in ZIP format); if the decoded file matches WildFire Analysis
profile criteria, the firewall forwards the decoded file for WildFire analysis.
While the firewall can forward all the file
types listed below, WildFire analysis support can vary depending
on the WildFire cloud to which you are submitted samples. Review WildFire
File Type Support to learn more.
File Types Supported
for WildFire Forwarding
Android Application Package (APK) files.
APK files are not supported for WildFire private cloud analysis
using a WildFire appliance.
Adobe Flash applets and Flash content embedded
in web pages.
Java applets (JAR/class files types).
Microsoft Office files, including documents
(DOC, DOCX, RTF), workbooks (XLS, XLSX), and PowerPoint (PPT, PPTX) presentations,
and Office Open XML (OOXML) 2007+ documents.
Portable Executable (PE) files. PEs include
executable files, object code, DLLs, and FON (fonts). A subscription
is not required to forward PE files for WildFire analysis, but is
required for all other supported file types.
Portable Document Format (PDF) files.
Mach-O, DMG, and PKG files are supported
with content version 599. You can also manually or programmatically
submit all Mac OS X supported file types for analysis (including
application bundles, for which the firewall does not support automatic