WildFire can discover zero-day malware in web traffic
(HTTP/HTTPS), email protocols (SMTP, IMAP, and POP), and FTP traffic
and can quickly generate signatures to identify and protect against
future infections from the malware it discovers. WildFire automatically
generates a signature based on the malware payload of the sample
and tests it for accuracy and safety.
Each WildFire cloud—global, regional, and private—analyzes samples
and generates malware signatures independently of the other WildFire
clouds. With the exception of WildFire private cloud signatures,
WildFire signatures are shared globally, enabling WildFire users
worldwide to benefit from malware coverage regardless of the location
in which the malware was first detected. Because malware evolves
rapidly, the signatures that WildFire generates address multiple
variants of the malware.
Firewalls with an active WildFire license can retrieve the latest
WildFire signatures in real-time, as soon as they become available.
If you do not have a WildFire subscription, signatures are made
available within 24-48 hours as part of the antivirus update for
firewalls with an active Threat Prevention license.
As soon as the firewall downloads and installs the new signature,
the firewall can block the files that contain that malware (or a
variant of the malware). Malware signatures do not detect malicious
and phishing links; to enforce these links, you must have a PAN-DB
URL Filtering license. You can then block user access to malicious
and phishing sites.