Palo Alto Networks WildFire Subscription adds support for Archive (RAR/7z) and Linux ELF File Analysis

By Allen Wilkes

Technical Sales Consultant

Palo Alto Networks has added support for archive (RAR/7z) and Linux (ELF) binaries to the WildFire public cloud subscription. The support arrives in Application and Threat Content release version 745, dated 25/10/2017, for PAN-OS versions 8.0 and higher, and returns malicious, benign, or grayware verdicts. The WildFire appliance does not support ELF and archive file analysis.

Follow the WildFire best practices configuration below to ensure your Palo Alto Networks WildFire subscription is providing the highest level of unknown threat protection.

 

WildFire Best Practice Configuration

The recommended best-practice WildFire configuration is as follows:

1) Choose the WildFire cloud to which you want to submit samples for analysis based on your location and your organization’s needs

  • WildFire Global Cloud – wildfire.paloaltonetworks.com
  • WildFire EU Cloud – eu.wildfire.paloaltonetworks.com
  • WildFire Japan Cloud – jp.wildfire.paloaltonetworks.com
  • WildFire Singapore Cloud – sg.wildfire.paloaltonetworks.com

2) Enable both Report Benign Files & Grayware Files

3) Change the file size limits to the maximum sizes allowed

File type    Size limit
pe           10 MB
apk          50 MB
pdf          1000 KB
ms-office    10,000 KB
jar          10 MB
flash        10 MB
MacOSX       50 MB
archive      50 MB
linux        10 MB
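
One way to check an exported configuration against the three steps and the size limits above, added here as an illustration and not taken from Palo Alto Networks or the original post. The XML element names and the sample fragment are constructed assumptions modelled on a PAN-OS configuration export; adjust them to match your own export.

```python
import xml.etree.ElementTree as ET

# Recommended values from the steps and size limits above (units as the page lists them).
RECOMMENDED_LIMITS = {
    "pe": (10, "MB"), "apk": (50, "MB"), "pdf": (1000, "KB"),
    "ms-office": (10000, "KB"), "jar": (10, "MB"), "flash": (10, "MB"),
    "MacOSX": (50, "MB"), "archive": (50, "MB"), "linux": (10, "MB"),
}
KNOWN_CLOUDS = {p + "wildfire.paloaltonetworks.com" for p in ("", "eu.", "jp.", "sg.")}

# Constructed sample; element names are assumptions modelled on a PAN-OS export.
SAMPLE_CONFIG = """
<wildfire>
  <public-cloud-server>eu.wildfire.paloaltonetworks.com</public-cloud-server>
  <report-benign-file>yes</report-benign-file>
  <report-grayware-file>no</report-grayware-file>
  <file-size-limit>
    <entry name="pe"><size-limit>10</size-limit></entry>
    <entry name="pdf"><size-limit>200</size-limit></entry>
    <entry name="archive"><size-limit>50</size-limit></entry>
  </file-size-limit>
</wildfire>
"""

def audit_wildfire(xml_text):
    """Return a list of findings where the config departs from the steps above."""
    root = ET.fromstring(xml_text)
    findings = []
    cloud = (root.findtext("public-cloud-server") or "").strip()
    if cloud not in KNOWN_CLOUDS:
        findings.append(f"cloud: '{cloud}' is not one of the listed WildFire clouds")
    for tag in ("report-benign-file", "report-grayware-file"):
        if (root.findtext(tag) or "").strip() != "yes":
            findings.append(f"{tag}: not enabled")
    limits = {e.get("name"): e.findtext("size-limit")
              for e in root.findall("file-size-limit/entry")}
    for ftype, (want, unit) in RECOMMENDED_LIMITS.items():
        have = limits.get(ftype)
        if have is None:
            findings.append(f"{ftype}: no explicit limit, expected {want} {unit}")
        elif int(have) != want:
            findings.append(f"{ftype}: limit {have} {unit}, expected {want} {unit}")
    return findings

if __name__ == "__main__":
    for line in audit_wildfire(SAMPLE_CONFIG):
        print(line)
```

A file type with no explicit entry is reported rather than assumed compliant, since a default limit below the recommended maximum means larger samples are not forwarded for analysis.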

 

 
