: Windows 10 Analysis Environment for the WildFire Appliance
Focus
Focus

Windows 10 Analysis Environment for the WildFire Appliance

Table of Contents

Windows 10 Analysis Environment for the WildFire Appliance

The WildFire ® appliance can now analyze files in a Windows 10 operating system.
The WildFire ® appliance can now analyze files using the Windows 10 operating system, which increases the threat prevention coverage of the appliance by enabling it to detect threats that are designed specifically for Windows 10 environments.
The virtual analysis environment has the following system attributes:
  • Windows 10 x64
  • Adobe Reader 11
  • Flash 11
  • Office 2010
The WildFire appliance can use the Windows 10 environment to analyze all files that it normally supports.
To take advantage of the new VM, you must download the Windows 10 VM image from the Palo Alto Networks Customer Support Portal, install the image onto the WildFire appliance, and then configure the appliance to use the new VM environment.
Use the Windows 10 environment for file analysis by selecting vm-7 when you configure the WildFire appliance.
  1. Go to the Palo Alto Networks Customer Support Portal software download page.
  2. From the software updates page, select WF-500 Guest VM Images and download the WFWin10Base_m-1.0.0-c2.10base VM image file.
  3. Upload the Windows 10 VM image to the WildFire appliance.
    1. Import the software image from the SCP server:
      admin@WF-500>scp import wildfire-vm-image from <username@ip_address>/<folder_name>/<vm_image_filename>									
      For example:
      admin@WF-500>scp import wildfire-vm-image from user1@10.0.3.4:/tmp/WFWin10Base_m-1.0.0-c2.10base									
    2. To check the status of the download, use the following command:
      admin@WF-500>show jobs all
  4. Install the Windows 10 VM image.
    admin@WF-500>request system wildfire-vm-image upgrade install file <vm_image_filename>
  5. Confirm that the Windows 10 VM image has been properly installed and enable the VM image the WildFire appliance uses to perform analysis.
    1. View a list of available virtual machines images:
      admin@WF-500> show wildfire vm-images
      The following output shows that vm-7 is the Windows 10 VM image:
      vm-7 Windows 10 x64, Adobe Reader 11, Flash 11, Office 2010. Support PE, PDF, Office 2010 and earlier 
    2. Set the image to be used for analysis:
      admin@WF-500# set deviceconfig setting wildfire active-vm vm-7
      And commit the configuration:
      admin@WF-500# commit
    3. (Optional) View the active VM image by running the following command:
      admin@WF-500> show wildfire status