WildFire can discover zero-day malware in web traffic
(HTTP/HTTPS), email protocols (SMTP, IMAP, and POP), and FTP traffic
and can quickly generate signatures to identify and protect against
future infections from the malware it discovers. WildFire automatically
generates a signature based on the malware payload of the sample and
tests it for accuracy and safety.
Each WildFire cloud—global, regional, and private—analyzes samples
and generates malware signatures independently of the other WildFire
clouds. With the exception of WildFire private cloud signatures,
WildFire signatures are shared globally, enabling WildFire users
worldwide to benefit from malware coverage regardless of the location
in which the malware was first detected. Because malware evolves rapidly,
the signatures that WildFire generates address multiple variants
of the malware.
Firewalls with an active WildFire license can retrieve the latest
WildFire signatures every five minutes. If you do not have a WildFire
subscription, signatures are made available within 24-48 hours as
part of the antivirus update for firewalls with an active Threat
As soon as the firewall downloads and installs the new signature,
the firewall can block the files that contain that malware (or a
variant of the malware). Malware signatures do not detect malicious
and phishing links; to enforce these links, you must have a PAN-DB
URL Filtering license. You can then block user access to malicious
and phishing sites.