Verdicts

When WildFire analyzes a previously unknown sample in the Palo Alto Networks-hosted WildFire global cloud or a locally hosted WildFire private cloud, it produces a verdict that identifies the sample as malicious, unwanted (grayware is considered obtrusive but not malicious), phishing, or benign:
  • Benign—The sample is safe and does not exhibit malicious behavior.
  • Grayware—The sample does not pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes adware, spyware, and Browser Helper Objects (BHOs).
  • Phishing—The link directs users to a phishing site and poses a security threat. Phishing sites are sites that attackers disguise as legitimate websites with the aim of stealing user information, especially corporate passwords that unlock access to your network. The WildFire appliance does not support the phishing verdict and continues to classify these types of links as malicious.
  • Malicious—The sample is malware and poses a security threat. Malware can include viruses, worms, Trojans, Remote Access Tools (RATs), rootkits, and botnets. For files identified as malware, WildFire generates and distributes a signature to protect against future exposure to the threat.
Each WildFire cloud—global, regional, and private—analyzes samples and generates WildFire verdicts independently of the other WildFire clouds. With the exception of WildFire private cloud verdicts, WildFire verdicts are shared globally, enabling WildFire users to access a worldwide database of threat data.
Verdicts that you suspect are either false positives or false negatives can be submitted to the Palo Alto Networks threat team for additional analysis. You can also manually change verdicts of samples submitted to WildFire appliances.
