When WildFire analyzes a previously unknown sample in
the Palo Alto Networks-hosted WildFire global cloud or a locally-hosted
WildFire private cloud, a verdict is produced to identify samples
as malicious, unwanted (grayware is considered obtrusive but not
malicious), phishing, or benign:
Benign—The sample is safe and does not exhibit
Grayware—The sample does not pose a direct security
threat, but might display otherwise obtrusive behavior. Grayware
typically includes adware, spyware, and Browser Helper Objects (BHOs).
Phishing—The link directs users to a phishing site
and poses a security threat. Phishing sites are sites that attackers
disguise as legitimate websites with the aim of stealing user information,
especially corporate passwords that unlock access to your network.
The WildFire appliance does not support the phishing verdict and
continues to classify these types of links as malicious.
Malicious—The sample is malware and poses a security
threat. Malware can include viruses, worms, Trojans, Remote Access
Tools (RATs), rootkits, and botnets. For files identified as malware,
WildFire generates and distributes a signature to protect against
future exposure to the threat.
Each WildFire cloud—global, regional, and private—analyzes samples
and generates WildFire verdicts independently of the other WildFire
clouds. With the exception of WildFire private cloud verdicts, WildFire
verdicts are shared globally, enabling WildFire users to access
a worldwide database of threat data.
Verdicts that you suspect are either false positives or
false negatives can be submitted to the Palo Alto Networks threat
team for additional analysis. You can also manually change verdicts
of samples submitted to WildFire appliances.