To use this feature, be sure to download
and install the latest PAN-OS content release. PAN-OS Applications
and Threats content release 8168 enables firewalls operating PAN-OS
8.1 and later to forward script files to the WildFire cloud for
analysis. For more information about the update, refer to the Applications
and Threat Content Release Notes.
Script sample support has
been expanded to include .bat (batch) files. As with all other currently
supported script file types (JScript [.js], VBScript [.vbs], and
PowerShell Script [.ps1]), the WildFire public cloud can now analyze
and classify batch files with verdicts using static and dynamic
analysis. When a malicious batch file is discovered, the WildFire
cloud generates and distributes C2 and DNS signatures to firewalls
to prevent successful attacks. To ensure that you are protected
from the latest threats, always keep your firewalls up to date with
the latest content and software updates from Palo Alto Networks.
The WildFire appliance does not support batch file analysis
at this time.
Only firewalls operating PAN-OS 8.1 and later can forward
scripts to the WildFire public cloud.
forward script files for analysis, the
on the firewall must be configured to forward
file type or
files to the WildFire public cloud.
Enable file type
Objects > Security Profiles > WildFire Analysis
a profile to define traffic to forward for WildFire analysis.
Add or modify a profile rule, select
and set the rule to forward the new
type. You can also specify the
type if you want to forward only scripts.
with the file type set to
file types for WildFire analysis.
Select Destination and set the profile rule to forward the
files to the
to save the new or modified
WildFire Analysis profile.
Attach the WildFire Analysis profile to a security policy
rule—traffic matched to the policy rule is forwarded for WildFire
find WildFire verdicts and analysis reports for script files that
have been submitted by the firewall.
You can submit
script files directly to the WildFire public cloud for analysis
from the WildFire portal as well as the WildFire API:
Manually submit script files to the WildFire
public cloud for analysis. You can then view the WildFire sample
analysis report and verdict (malicious, grayware or benign) on the
Use the WildFire API to submit files to
the WildFire public cloud. You can use the WildFire API to retrieve verdicts and analysis reports
for the files. You can also specify script as the target analysis
environment when you retrieve a packet capture through the