WildFire What's New Guide

Additional Malware Test Files

1. Download one of the new malware test files. Select from either direct or API download.
   • Direct Download:
     • If you have SSL decryption enabled on the firewall, use one of the following URLs:
       • APK—https://wildfire.paloaltonetworks.com/publicapi/test/apk
       • MacOSX—https://wildfire.paloaltonetworks.com/publicapi/test/macos
     • If you do not have SSL decryption enabled on the firewall, use one of the following URLs instead:
       • APK—http://wildfire.paloaltonetworks.com/publicapi/test/apk
       • MacOSX—http://wildfire.paloaltonetworks.com/publicapi/test/macos
   • API Download: Make a GET or Post request to the /test resource with the file type you want to retrieve and as well as the -JO option to use the Content-Disposition filename as provided by the server as shown in the following cURL command:
     • APK—

       curl -JO 'https://wildfire.paloaltonetworks.com/publicapi/test/apk'

     • MacOSX—

       curl -JO 'https://wildfire.paloaltonetworks.com/publicapi/test/macos'

   The response saves the malware test file to your local system. Each time you download the test file, it has a different SHA-256 hash value.
2. On the firewall web interface, select MonitorWildFire Submissions to confirm that the file was forwarded for analysis.
   Please wait at least 5 minutes for analysis results to be displayed for the file on the WildFire Submissions page. The verdict for the test file will always display as malware.
3. (Optional) Verify that the files have been properly forwarded.