Advanced WildFire can discover zero-day malware in web traffic (HTTP/HTTPS), email protocols (SMTP, IMAP, and POP), and FTP traffic and can quickly generate signatures to identify and protect against future infections from the malware it discovers. Advanced WildFire automatically generates a signature based on the malware payload of the sample and tests it for accuracy and safety.

Each Advanced WildFire cloud analyzes samples and generates malware signatures independently of the other Advanced WildFire clouds. With the exception of WildFire private cloud signatures, Advanced WildFire signatures are shared globally, enabling users worldwide to benefit from malware coverage regardless of the location in which the malware was first detected. Because malware evolves rapidly, the signatures that Advanced WildFire generates address multiple variants of the malware.

Firewalls with an active Advanced WildFire license can retrieve the latest Advanced WildFire signatures in real-time, as soon as they become available. If you do not have an Advanced WildFire subscription, signatures are made available within 24-48 hours as part of the antivirus update for firewalls with an active Threat Prevention license.

As soon as the firewall downloads and installs the new signature, the firewall can block the files that contain that malware (or a variant of the malware). Malware signatures do not detect malicious and phishing links; to enforce these links, you must have a PAN-DB URL Filtering license. You can then block user access to malicious and phishing sites.