Test a Sample Malware File

Table of Contents

Test a Sample Malware File

Where Can I Use This?	What Do I Need?
NGFW (Managed by PAN-OS or Panorama) VM-Series CN-Series	Advanced WildFire or WildFire License

Palo Alto Networks provides sample malware files that you can use to test an Advanced WildFire configuration. Take the following steps to download the malware sample file, verify that the file is forwarded for Advanced WildFire analysis, and view the analysis results.

Download one of the malware test files. You can select from PE, APK, MacOSX, and ELF.

Before downloading an encrypted WildFire sample malware file, you must temporarily disable the *.wildfire.paloaltonetworks.com entry from the exclude from decryption list on the Device > Certificate Management > SSL Decryption Exclusion page, otherwise the sample will not download correctly. After conducting a verification test, be sure to re-enable the *.wildfire.paloaltonetworks.com entry on the SSL decryption exclusion page.
- If you have SSL decryption enabled on the firewall, use one of the following URLs:
- If you do not have SSL decryption enabled on the firewall, use one of the following URLs instead:
The test file is named wildfire-test-file_type-file.exe and each test file has a unique SHA-256 hash value.

You can also use the WildFire API to retrieve a malware test file. See the WildFire API Reference for details.
On the firewall web interface, select MonitorWildFire Submissions to confirm that the file was forwarded for analysis.
Please wait at least five minutes for analysis results to be displayed for the file on the WildFire Submissions page. The verdict for the test file will always display as malware.

Verify Sample Submissions

Verify File Forwarding