Palo Alto Networks WildFire Subscription adds support for Archive (RAR/7z) and Linux ELF File Analysis

By Allen Wilkes

Technical Sales Consultant

Palo Alto Networks has added support for archive (RAR/7z) files and Linux (ELF) binaries to the WildFire public cloud subscription. Support arrived in Application and Threat Content release version 745, dated 25/10/2017, for PAN-OS versions 8.0 and higher, and these file types receive malicious, benign, or grayware verdicts. The WildFire appliance does not support ELF and archive file analysis.

Follow the WildFire best practices configuration below to ensure your Palo Alto Networks WildFire subscription is providing the highest level of unknown threat protection.

 

WildFire Best Practice Configuration

The recommended WildFire best practice configuration is as follows:

1) Choose the WildFire cloud to which you want to submit samples for analysis based on your location and your organization’s needs

  • WildFire Global Cloud – wildfire.paloaltonetworks.com
  • WildFire EU Cloud – eu.wildfire.paloaltonetworks.com
  • WildFire Japan Cloud – jp.wildfire.paloaltonetworks.com
  • WildFire Singapore Cloud – sg.wildfire.paloaltonetworks.com

2) Enable both Report Benign Files & Grayware Files

3) Change the file size limits to the maximum sizes allowed

 

FILE TYPE    SIZE LIMIT
pe           10 MB
apk          50 MB
pdf          1000 KB
ms-office    10,000 KB
jar          10 MB
flash        10 MB
MacOSX       50 MB
archive      50 MB
linux        10 MB
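
To check a firewall against the three steps above, the audit below compares an exported configuration with the listed clouds, reporting options and size limits. It is an added example, not Palo Alto Networks code: the XML element layout and the embedded sample are assumptions constructed for illustration, so adjust the paths to match your own export.

```python
import xml.etree.ElementTree as ET

# Maximum sizes from the table above, in the units the page lists (MB or KB).
RECOMMENDED = {"pe": 10, "apk": 50, "pdf": 1000, "ms-office": 10000, "jar": 10,
               "flash": 10, "MacOSX": 50, "archive": 50, "linux": 10}
CLOUDS = {"wildfire.paloaltonetworks.com", "eu.wildfire.paloaltonetworks.com",
          "jp.wildfire.paloaltonetworks.com", "sg.wildfire.paloaltonetworks.com"}

# Constructed sample, not a real export; the element layout is an assumption.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><setting><wildfire>
  <public-cloud-server>eu.wildfire.paloaltonetworks.com</public-cloud-server>
  <report-benign-file>yes</report-benign-file>
  <report-grayware-file>no</report-grayware-file>
  <file-size-limit>
    <entry name="pe"><size-limit>10</size-limit></entry>
    <entry name="apk"><size-limit>10</size-limit></entry>
    <entry name="pdf"><size-limit>500</size-limit></entry>
    <entry name="ms-office"><size-limit>10000</size-limit></entry>
    <entry name="jar"><size-limit>10</size-limit></entry>
    <entry name="flash"><size-limit>10</size-limit></entry>
    <entry name="MacOSX"><size-limit>50</size-limit></entry>
    <entry name="archive"><size-limit>50</size-limit></entry>
  </file-size-limit>
</wildfire></setting></deviceconfig></entry></devices></config>"""

def audit_wildfire(xml_text):
    """Return a list of deviations from the settings recommended on this page."""
    wf = ET.fromstring(xml_text).find(".//deviceconfig/setting/wildfire")
    if wf is None:
        return ["no WildFire settings found"]
    findings = []
    cloud = (wf.findtext("public-cloud-server") or "").strip()
    if cloud not in CLOUDS:
        findings.append(f"cloud server {cloud!r} is not a listed WildFire cloud")
    for flag in ("report-benign-file", "report-grayware-file"):
        if (wf.findtext(flag) or "").strip() != "yes":
            findings.append(f"{flag} is not enabled")
    limits = {e.get("name"): (e.findtext("size-limit") or "").strip()
              for e in wf.findall("file-size-limit/entry")}
    for ftype, want in RECOMMENDED.items():
        have = limits.get(ftype, "")
        if not have.isdigit():
            findings.append(f"{ftype}: no size limit set in this config")
        elif int(have) < want:
            findings.append(f"{ftype}: limit {have} is below {want}")
    return findings

if __name__ == "__main__":
    for finding in audit_wildfire(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A missing linux or archive entry is worth attention on devices upgraded from older content releases, since those file types only became available with the release described above.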

 

 
