Windows 10 Analysis Environment for the WildFire Appliance
Table of Contents
Expand all | Collapse all
-
- Mach-O Support for WildFire Inline ML
- Advanced WildFire Public Sector Cloud
- Advanced WildFire Government Cloud
- WildFire Spain Cloud
- WildFire Saudi Arabia Cloud
- WildFire Israel Cloud
- WildFire South Korea Cloud
- WildFire Qatar Cloud
- WildFire France Cloud
- WildFire Taiwan Cloud
- WildFire Indonesia Cloud
- WildFire Poland Cloud
- WildFire Switzerland Cloud
- Advanced WildFire Support for Intelligent Run-time Memory Analysis
- Shell Script Analysis Support for Wildfire Inline ML
- Standalone WildFire API Subscription
- WildFire India Cloud
- MSI, IQY, and SLK File Analysis
- MS Office Analysis Support for Wildfire Inline ML
- WildFire Germany Cloud
- WildFire Australia Cloud
- Executable and Linked Format (ELF) Analysis Support for WildFire Inline ML
- Global URL Analysis
- WildFire Canada Cloud
- WildFire UK Cloud
- HTML Application and Link File Analysis
- Recursive Analysis
- Perl Script Analysis
- WildFire U.S. Government Cloud
- Real Time WildFire Verdicts and Signatures for PDF and APK Files
- Batch File Analysis
- Real Time WildFire Verdicts and Signatures for PE and ELF Files
- Real Time WildFire Verdicts and Signatures for Documents
- Script Sample Analysis
- ELF Malware Test File
- Email Link Analysis Enhancements
- Sample Removal Request
- Updated WildFire Cloud Data Retention Period
- DEX File Analysis
- Network Traffic Profiling
- Additional Malware Test Files
- Dynamic Unpacking
- Windows 10 Analysis Environment
- Archive (RAR/7z) and ELF File Analysis
- WildFire Analysis of Blocked Files
- WildFire Phishing Verdict
Windows 10 Analysis Environment for the WildFire Appliance
The WildFire ® appliance can now analyze files
in a Windows 10 operating system.
The
WildFire ® appliance can now analyze files using the
Windows 10 operating system, which increases the threat prevention
coverage of the appliance by enabling it to detect threats that
are designed specifically for Windows 10 environments.
The
virtual analysis environment has the following system attributes:
- Windows 10 x64
- Adobe Reader 11
- Flash 11
- Office 2010
The WildFire appliance can use the Windows
10 environment to analyze all files that it normally supports.
To
take advantage of the new VM, you must download the Windows 10 VM
image from the Palo Alto Networks Customer Support Portal, install
the image onto the WildFire appliance, and then configure the appliance
to use the new VM environment.
Use the Windows 10 environment
for file analysis by selecting vm-7 when
you configure the WildFire appliance.
- Go to the Palo Alto Networks Customer Support Portal software download page.
- From the software updates page, select WF-500 Guest VM Images and download the WFWin10Base_m-1.0.0-c2.10base VM image file.
- Upload the Windows 10 VM image to the WildFire appliance.
- Import the software image from the SCP server:
admin@WF-500>scp import wildfire-vm-image from <username@ip_address>/<folder_name>/<vm_image_filename>For example:admin@WF-500>scp import wildfire-vm-image from user1@10.0.3.4:/tmp/WFWin10Base_m-1.0.0-c2.10base - To check the status of the download, use the following command:
admin@WF-500>show jobs all
- Install the Windows 10 VM image.
admin@WF-500>request system wildfire-vm-image upgrade install file <vm_image_filename> - Confirm that the Windows 10 VM image has been properly
installed and enable the VM image the WildFire appliance uses to
perform analysis.
- View a list of available virtual machines images:
admin@WF-500> show wildfire vm-imagesThe following output shows that vm-7 is the Windows 10 VM image:vm-7 Windows 10 x64, Adobe Reader 11, Flash 11, Office 2010. Support PE, PDF, Office 2010 and earlier
- Set the image to be used for analysis:
admin@WF-500# set deviceconfig setting wildfire active-vm vm-7And commit the configuration:admin@WF-500# commit - (Optional) View the active VM image by running the following
command:
admin@WF-500> show wildfire status
- View a list of available virtual machines images: