Palo Alto Networks has added support for archive (RAR/7z) files and Linux (ELF) binaries to the WildFire public cloud subscription in Application and Threat Content release version 745, dated 25/10/2017, for PAN-OS versions 8.0 and higher. These file types receive malicious, benign, or grayware verdicts. The WildFire appliance does not support ELF and archive file analysis.
Follow the WildFire best practices configuration below to ensure your Palo Alto Networks WildFire subscription is providing the highest level of unknown threat protection.
WildFire Best Practice Configuration
The WildFire configuration best practices are as follows:
1) Choose the WildFire cloud to which you want to submit samples for analysis based on your location and your organization’s needs
- WildFire Global Cloud – wildfire.paloaltonetworks.com
- WildFire EU Cloud – eu.wildfire.paloaltonetworks.com
- WildFire Japan Cloud – jp.wildfire.paloaltonetworks.com
- WildFire Singapore Cloud – sg.wildfire.paloaltonetworks.com
2) Enable both Report Benign Files and Report Grayware Files
3) Change the file size limits to the maximum sizes allowed
|FILE TYPE||SIZE LIMIT|