Test a Sample Malware File
Advanced WildFire Powered by Precision AI™


Where Can I Use This?
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series
  • CN-Series
What Do I Need?
  • Advanced WildFire or WildFire License
Palo Alto Networks provides sample malware files that you can use to test an Advanced WildFire configuration. Take the following steps to download the malware sample file, verify that the file is forwarded for Advanced WildFire analysis, and view the analysis results.
  1. Download one of the malware test files. You can select from PE, APK, MacOSX, and ELF.
    Before downloading an encrypted WildFire sample malware file, you must temporarily disable the *.wildfire.paloaltonetworks.com entry in the exclude from decryption list on the Device > Certificate Management > SSL Decryption Exclusion page; otherwise, the sample will not download correctly. After conducting a verification test, be sure to re-enable the *.wildfire.paloaltonetworks.com entry on the SSL Decryption Exclusion page.
    The test file is named wildfire-test-file_type-file.exe and each test file has a unique SHA-256 hash value.
    You can also use the WildFire API to retrieve a malware test file. See the WildFire API Reference for details.
  2. On the firewall web interface, select Monitor > WildFire Submissions to confirm that the file was forwarded for analysis.
    Please wait at least five minutes for analysis results to be displayed for the file on the WildFire Submissions page. The verdict for the test file will always display as malware.