WildFire Appliance Archive Support
Table of Contents
Expand all | Collapse all
-
- Advanced WildFire Public Sector Cloud
- Advanced WildFire Government Cloud
- WildFire Spain Cloud
- WildFire Saudi Arabia Cloud
- WildFire Israel Cloud
- WildFire South Korea Cloud
- WildFire Qatar Cloud
- WildFire France Cloud
- WildFire Taiwan Cloud
- WildFire Indonesia Cloud
- WildFire Poland Cloud
- WildFire Switzerland Cloud
- Advanced WildFire Support for Intelligent Run-time Memory Analysis
- Shell Script Analysis Support for Wildfire Inline ML
- Standalone WildFire API Subscription
- WildFire India Cloud
- MSI, IQY, and SLK File Analysis
- MS Office Analysis Support for Wildfire Inline ML
- WildFire Germany Cloud
- WildFire Australia Cloud
- Executable and Linked Format (ELF) Analysis Support for WildFire Inline ML
- Global URL Analysis
- WildFire Canada Cloud
- WildFire UK Cloud
- HTML Application and Link File Analysis
- Recursive Analysis
- Perl Script Analysis
- WildFire U.S. Government Cloud
- Real Time WildFire Verdicts and Signatures for PDF and APK Files
- Batch File Analysis
- Real Time WildFire Verdicts and Signatures for PE and ELF Files
- Real Time WildFire Verdicts and Signatures for Documents
- Script Sample Analysis
- ELF Malware Test File
- Email Link Analysis Enhancements
- Sample Removal Request
- Updated WildFire Cloud Data Retention Period
- DEX File Analysis
- Network Traffic Profiling
- Additional Malware Test Files
- Dynamic Unpacking
- Windows 10 Analysis Environment
- Archive (RAR/7z) and ELF File Analysis
- WildFire Analysis of Blocked Files
- WildFire Phishing Verdict
WildFire Appliance Archive Support
The WildFire appliance running PAN-OS 9.0 or later can
now analyze and classify RAR and 7-Zip archives, which can be used
by an adversary to covertly deliver malicious payloads to users.
The WildFire appliance can now analyze and
classify archive (RAR and 7-Zip) files with malicious, benign, or
grayware verdicts. Previously this feature was only present in the
WildFire cloud. This analysis capability has now been expanded to
include WildFire appliances running PAN-OS 9.0 and later.
- When any file contained within an archive is determined to be malicious, the archive file is considered malicious by WildFire.
- Archive files that are multi-part or password protected cannot be analyzed.
The WildFire appliance is capable
of analyzing the following archive file types:
- RAR—Supports Roshal Archive (.rar) files.
- 7-Zip—Supports (.7z) files.
To forward archive
files for analysis, the
WildFire Analysis Profile
on
the firewall must be configured to forward the archive
file
type or Any
unknown files to the WildFire
private cloud.- Enable file type forwarding.
- SelectObjects > Security Profiles > WildFire AnalysisandAddor modify a profile to define traffic to forward for WildFire analysis.
- Add or modify a profile rule, selectfile type, and set the rule to forward the newAnyfile type. You can also specify thearchivefile type if you want to forward only archives.Profile rules with the file type set toAnyforward all file types for WildFire analysis.
- Select Destination and set the profile rule to forward the files to theprivate-cloud.
- ClickOKto save the new or modified WildFire Analysis profile.
- Attach the WildFire Analysis profile to a security policy rule—traffic matched to the policy rule is forwarded for WildFire Analysis.
- SelectPolicies > SecurityandAddor modify a security policy rule.
- SelectActionsand set theProfile TypetoProfiles.
- Select the newly-createdWildFire Analysisprofile.
- ClickOKto save the security policy rule.For detailed steps to configure a WildFire Analysis profile and to attach the profile to a security policy rule, see Forward Files for WildFire Analysis.
- SelectMonitor > WildFire Submissionsto find WildFire verdicts and analysis reports for archive files that have been submitted by the firewall.