The WildFire appliance running PAN-OS 9.0 or later can now analyze and classify RAR and 7-Zip archives, which can be used by an adversary to covertly deliver malicious payloads to users.

The WildFire appliance can now analyze and classify archive (RAR and 7-Zip) files with malicious, benign, or grayware verdicts. Previously this feature was only present in the WildFire cloud. This analysis capability has now been expanded to include WildFire appliances running PAN-OS 9.0 and later.

When any file contained within an archive is determined to be malicious, the archive file is considered malicious by WildFire.

Archive files that are multi-part or password protected cannot
The WildFire appliance is capable of analyzing the following archive file types:
- RAR: Roshal Archive (.rar) files.
- 7-Zip: (.7z) files.
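To see which archives fall under the multi-part and password-protected limitation noted above, the leading bytes of a file can be checked before relying on a verdict. The following is an added example, not Palo Alto Networks code: `triage` and `SAMPLES` are hypothetical names, the header layouts are those of the public RAR 4.x and RAR 5.0 formats, and per-file encryption and 7-Zip flags are out of scope.

```python
import struct

RAR4_SIG, RAR5_SIG = b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"
SEVENZIP_SIG = b"7z\xbc\xaf\x27\x1c"

def _vint(buf, pos):
    """Decode a RAR5 variable-length integer; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def triage(head):
    """Archive type plus multi-part / encrypted-header flags; None = not determined."""
    info = {"type": "other", "multipart": None, "encrypted_headers": None}
    try:
        if head.startswith(RAR5_SIG):
            info["type"] = "rar"
            pos = len(RAR5_SIG) + 4                  # skip header CRC32
            _size, pos = _vint(head, pos)
            htype, pos = _vint(head, pos)
            hflags, pos = _vint(head, pos)
            info["encrypted_headers"] = htype == 4   # 4 = archive encryption header
            if htype == 1:                           # 1 = main archive header
                for bit in (0x01, 0x02):             # optional extra/data size fields
                    if hflags & bit:
                        _, pos = _vint(head, pos)
                aflags, pos = _vint(head, pos)
                info["multipart"] = bool(aflags & 0x01)
        elif head.startswith(RAR4_SIG):
            info["type"] = "rar"
            _crc, htype, flags, _size = struct.unpack_from("<HBHH", head, 7)
            if htype == 0x73:                        # main archive header
                info["multipart"] = bool(flags & 0x0001)          # MHD_VOLUME
                info["encrypted_headers"] = bool(flags & 0x0080)  # MHD_PASSWORD
        elif head.startswith(SEVENZIP_SIG):
            info["type"] = "7z"                      # flags need full header parsing
    except (IndexError, struct.error):
        pass                                         # truncated header: keep partial result
    return info

# Constructed sample headers (not real archives).
SAMPLES = {
    "rar4_volume_enc": RAR4_SIG + struct.pack("<HBHH", 0, 0x73, 0x0081, 13) + bytes(6),
    "rar5_volume": RAR5_SIG + bytes(4) + b"\x04\x01\x00\x01",
    "rar5_enc": RAR5_SIG + bytes(4) + b"\x21\x04\x00",
}
```

A `True` in either flag marks an archive that should be covered by another control; `None` means the leading bytes alone did not settle the question.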
To forward archive files for analysis, the WildFire Analysis Profile the firewall must be configured to forward the unknown files to the WildFire
Enable file type forwarding.
> Security Profiles > WildFire Analysis modify a profile to define traffic to forward for WildFire analysis.
Add or modify a profile rule, select and set the rule to forward the new type. You can also specify the type if you want to forward only archives.
with the file type set to file types for WildFire analysis.
Select Destination and set the profile rule to forward the files to the
to save the new or modified WildFire Analysis profile.
Attach the WildFire Analysis profile to a security policy rule; traffic matched to the policy rule is forwarded for WildFire