submit wildfire local-verdict-change
Advanced WildFire Powered by Precision AI™

Description

Changes locally generated WildFire verdicts for samples submitted from the firewall. Verdict changes apply only to those samples submitted to the WildFire appliance, and the verdict for the same sample remains unchanged in the WildFire public cloud. You can view samples with changed verdicts using the show wildfire global command.
The WildFire private cloud content package is updated to reflect any verdict changes that you make (on the firewall, select Device > Dynamic Updates > WF-Private to enable WildFire private cloud content updates). When you change a sample verdict to malicious, the WildFire appliance generates a new signature to detect the malware and adds that signature to the WildFire private cloud content package. When you change a sample verdict to benign, the WildFire appliance removes the signature from the WildFire private cloud content package.
There is also an API call which can be used to change the verdicts of local samples. Refer to the WildFire API Reference for more information.

Hierarchy Location

submit wildfire

Syntax

submit {
  wildfire {
    local-verdict-change {
      hash <value>;
      verdict <value>;
      comment <value>;
    }
  }
}

Options

* hash — Specify the SHA-256 hash of the file for which you want to change the verdict.
* verdict — Enter the new file verdict: 0 indicates a benign sample; 1 indicates malware; 2 indicates grayware.
* comment — Include a comment to describe the verdict change.

Sample Output

The following shows the output of this command.
admin@WF-500> submit wildfire local-verdict-change comment test hash c323891a87a8c43780b0f2377de2efc8bf856f02dd6b9e46e97f4a9652814b5c verdict 2 
Please enter 'Y' to commit: (y or n) 
verdict is changed (old verdict: 1, new verdict:2) 
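
Added example, not part of the original documentation and not Palo Alto Networks code: Python that validates the three options before the command is issued and parses the confirmation line shown above into a change record. The function names, the single-token comment restriction and the `needs_review` flag are assumptions of this example.

```python
import re

# Verdict codes as listed under Options.
VERDICTS = {0: "benign", 1: "malware", 2: "grayware"}
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
# Assumption of this example, not a documented CLI limit: single-token comments only.
COMMENT_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Confirmation line format taken from the Sample Output on this page.
RESULT_RE = re.compile(r"verdict is changed \(old verdict:\s*(\d), new verdict:\s*(\d)\)")

# Values copied from the Sample Output on this page.
SAMPLE_HASH = "c323891a87a8c43780b0f2377de2efc8bf856f02dd6b9e46e97f4a9652814b5c"
SAMPLE_OUTPUT = ("Please enter 'Y' to commit: (y or n)\n"
                 "verdict is changed (old verdict: 1, new verdict:2)\n")


def build_command(sha256, verdict, comment):
    """Validate the three options and return the operational command string."""
    if not SHA256_RE.fullmatch(sha256):
        raise ValueError("hash must be a 64-character hex SHA-256 digest")
    if type(verdict) is not int or verdict not in VERDICTS:
        raise ValueError("verdict must be 0, 1 or 2")
    if not COMMENT_RE.fullmatch(comment):
        raise ValueError("comment must be a single plain token")
    return (f"submit wildfire local-verdict-change comment {comment} "
            f"hash {sha256.lower()} verdict {verdict}")


def audit_record(sha256, comment, cli_output):
    """Turn the appliance's confirmation line into a change-tracking record."""
    m = RESULT_RE.search(cli_output)
    if m is None:
        raise ValueError("no verdict-change confirmation found in output")
    old, new = int(m.group(1)), int(m.group(2))
    if old not in VERDICTS or new not in VERDICTS:
        raise ValueError("unexpected verdict code in output")
    # Per the Description: a change to malicious adds a signature to the
    # private cloud content package, a change to benign removes it.
    effect = {1: "signature added", 0: "signature removed"}.get(new, "not stated")
    return {"hash": sha256.lower(), "comment": comment,
            "old": VERDICTS[old], "new": VERDICTS[new],
            "signature_effect": effect,
            # Hypothetical policy flag: moving a sample off 'malware' gets a second look.
            "needs_review": old == 1 and new != 1}


if __name__ == "__main__":
    print(build_command(SAMPLE_HASH, 2, "test"))
    print(audit_record(SAMPLE_HASH, "test", SAMPLE_OUTPUT))
```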

Required Privilege Level

superuser, deviceadmin