Archive (RAR/7z) and ELF File Analysis

To use this feature, be sure to download and install the latest PAN-OS content release. PAN-OS Applications and Threats content release 745 enables you to specify file forwarding of archive (.rar and 7-Zip) and Linux (ELF) file types. For more information about the update, refer to the Applications and Threat Content Release Notes.
To download the release notes, log in to the Palo Alto Networks Support Portal, click Dynamic Updates and select the release notes listed under Apps + Threats.
The WildFire public cloud can now analyze and classify Linux (ELF) and archive (RAR and 7-Zip) files with malicious, benign, or grayware verdicts. As with all malicious samples, the WildFire public cloud generates and distributes a signature to firewalls to prevent future instances of the file from penetrating your network. Keep in mind that the WildFire appliance does not support ELF and archive file analysis.
Archive and ELF file types are sent in their entirety to the WildFire cloud when submitted for analysis, as they are not decoded by the firewall.
The following new file types are supported for WildFire public cloud analysis:
  • Archive Files:
    • RAR—Supports Roshal Archive (.rar) files.
    • 7-Zip—Supports 7-Zip (.7z) files.
    • The archive file verdict is determined by the highest severity verdict of the archive contents.
    • Archive files that are multi-part or password protected cannot be analyzed.
  • ELF—Supports Executable and Linkable Format (.elf) files.
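The following script is an added example, not Palo Alto Networks code. It shows the defender-side checks the text above implies: identifying RAR, 7-Zip and ELF samples by their magic bytes, spotting RAR 4.x archives that WildFire cannot analyze (multi-part or password protected, by reading the archive and file header flags), and folding per-member verdicts into the archive verdict using the "highest severity wins" rule. The header layout and flag values follow the published RAR 4.x technote but are assumptions to verify against your own samples; RAR 5.x and 7-Zip archives are only identified, not parsed. All sample bytes are constructed inline and are not real files.

```python
"""Pre-submission triage for RAR, 7-Zip and ELF samples (added example)."""
import struct

MAGIC = {
    "rar4": b"Rar!\x1a\x07\x00",       # RAR 4.x marker block
    "rar5": b"Rar!\x1a\x07\x01\x00",   # RAR 5.x signature
    "7z":   b"7z\xbc\xaf\x27\x1c",     # 7-Zip signature
    "elf":  b"\x7fELF",                # ELF identification bytes
}

# Verdict severities: the archive verdict is the highest severity among its members.
SEVERITY = {"benign": 0, "grayware": 1, "malicious": 2}

# RAR 4.x block types and header flags (assumed from the RAR 4.x technote).
RAR4_MAIN, RAR4_FILE, RAR4_END = 0x73, 0x74, 0x7B
MHD_VOLUME, MHD_PASSWORD = 0x0001, 0x0080   # multi-volume archive / encrypted headers
LHD_PASSWORD, LONG_BLOCK = 0x0004, 0x8000   # file encrypted / ADD_SIZE field present


def identify(data: bytes):
    """Return 'rar4', 'rar5', '7z', 'elf' or None based on leading magic bytes."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def rar4_blockers(data: bytes):
    """Walk RAR 4.x block headers and collect reasons the archive cannot be analyzed."""
    if identify(data) != "rar4":
        raise ValueError("not a RAR 4.x archive")
    reasons, pos = set(), len(MAGIC["rar4"])
    while pos + 7 <= len(data):
        # Every block starts with HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2), little-endian.
        head_type, flags, head_size = struct.unpack_from("<xxBHH", data, pos)
        if head_type == RAR4_MAIN:
            if flags & MHD_VOLUME:
                reasons.add("multi-part archive")
            if flags & MHD_PASSWORD:
                reasons.add("encrypted headers")
                break  # the remaining headers are ciphertext; stop walking
        elif head_type == RAR4_FILE and flags & LHD_PASSWORD:
            reasons.add("password-protected file")
        elif head_type == RAR4_END:
            break
        block = head_size
        if flags & LONG_BLOCK and pos + 11 <= len(data):
            block += struct.unpack_from("<I", data, pos + 7)[0]  # ADD_SIZE (packed data length)
        if block < 7:
            break  # malformed header; refuse to spin forever
        pos += block
    return sorted(reasons)


def elf_class(data: bytes):
    """Return 32 or 64 for an ELF sample (EI_CLASS byte), None for anything else."""
    if identify(data) != "elf" or len(data) < 5:
        return None
    return {1: 32, 2: 64}.get(data[4])


def archive_verdict(member_verdicts):
    """Fold per-member verdicts into the archive verdict: highest severity wins."""
    if not member_verdicts:
        raise ValueError("archive has no analyzed members")
    unknown = set(member_verdicts) - set(SEVERITY)
    if unknown:
        raise ValueError(f"unknown verdict(s): {sorted(unknown)}")
    return max(member_verdicts, key=SEVERITY.__getitem__)


def triage(data: bytes):
    """Report whether a sample is a forwarded type and, for RAR 4.x, why analysis would fail."""
    kind = identify(data)
    result = {"type": kind, "forwardable": kind is not None, "blockers": []}
    if kind == "rar4":
        result["blockers"] = rar4_blockers(data)
    return result


# Constructed samples: hand-built headers with zeroed CRC fields, not real archives.
def _rar4_main(flags):
    return MAGIC["rar4"] + struct.pack("<HBHH", 0, RAR4_MAIN, flags, 13) + b"\x00" * 6

def _rar4_file(flags, name=b"a", payload=b"XXXX"):
    head = struct.pack("<HBHHIIBIIBBHI", 0, RAR4_FILE, flags | LONG_BLOCK, 32 + len(name),
                       len(payload), len(payload), 0, 0, 0, 29, 0x30, len(name), 0)
    return head + name + payload

SAMPLE_PLAIN_RAR = _rar4_main(0) + _rar4_file(0) + struct.pack("<HBHH", 0, RAR4_END, 0, 7)
SAMPLE_ENCRYPTED_RAR = _rar4_main(0) + _rar4_file(LHD_PASSWORD)
SAMPLE_MULTIPART_RAR = _rar4_main(MHD_VOLUME) + _rar4_file(0)
SAMPLE_ELF64 = b"\x7fELF\x02\x01\x01" + b"\x00" * 9

if __name__ == "__main__":
    for label, sample in [("plain", SAMPLE_PLAIN_RAR), ("encrypted", SAMPLE_ENCRYPTED_RAR),
                          ("multipart", SAMPLE_MULTIPART_RAR), ("elf", SAMPLE_ELF64)]:
        print(label, triage(sample))
    print(archive_verdict(["benign", "grayware", "benign"]))  # grayware
```

Running the script prints a triage line per constructed sample; the two archives that WildFire would reject show a non-empty `blockers` list, and the verdict fold returns `grayware` because that is the highest severity among the members. Note that a RAR 4.x archive with encrypted headers is reported from the main header alone, since nothing after it can be parsed.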