HTML Application and Link File Analysis
To enable forwarding of HTA/LNK files from the firewall, be sure to download and install the latest PAN-OS content release. PAN-OS Applications and Threats content release 8229 allows firewalls operating PAN-OS 8.1 and later to forward HTA and LNK files to the WildFire cloud for analysis. For more information about the update, refer to the Applications and Threat Content Release Notes.

To download the release notes, log in to the Palo Alto Networks Support Portal, click Dynamic Updates and select the release notes listed under Apps + Threats.

WildFire now supports HTML application and link file analysis in the WildFire cloud, which enables the WildFire public cloud to analyze and classify .HTA and .LNK files with verdicts using static and dynamic analysis. When a malicious file is discovered, the WildFire cloud generates and distributes protections to firewalls to prevent successful attacks. To ensure that you are protected from the latest threats, always keep your firewalls up-to-date with the latest content and software updates from Palo Alto Networks.

- The WildFire appliance does not support HTA/LNK file analysis at this time.
- Only firewalls operating PAN-OS 8.1 and later can forward scripts to the WildFire public cloud.

To forward HTA or LNK files for analysis, the WildFire Analysis Profile on the firewall must be configured to forward the script (.HTA) or pe (.LNK) file types. Select Any to forward all supported unknown files to the WildFire public cloud.

- Enable file type forwarding.
  - Select Objects > Security Profiles > WildFire Analysis and Add or modify a profile to define traffic to forward for WildFire analysis.
  - Add or modify a profile rule, select file type, and set the rule to forward Any file type. Alternatively, you can also specify script (for .HTA files) or pe (for .LNK files) if you want to forward a specific file type. Profile rules with the file type set to Any forward all supported file types for WildFire analysis.
  - Select Destination and set the profile rule to forward the files to the public-cloud.
  - Click OK to save the new or modified WildFire Analysis profile.
- Attach the WildFire Analysis profile to a security policy rule. Traffic matched to the policy rule is forwarded for WildFire Analysis.
  - Select Policies > Security and Add or modify a security policy rule.
  - Select Actions and set the Profile Type to Profiles.
  - Select the newly-created WildFire Analysis profile.
  - Click OK to save the security policy rule. For detailed steps to configure a WildFire Analysis profile and to attach the profile to a security policy rule, see Forward Files for WildFire Analysis.
- Select Monitor > WildFire Submissions to find WildFire verdicts and analysis reports for script files that have been submitted by the firewall.
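
A way to check the result of the procedure above from an exported configuration; this is an added example, not Palo Alto Networks code. It reports security policy rules whose attached WildFire Analysis profile does not forward script (.HTA) or pe (.LNK) files to the public cloud. The XML element layout, the `private-cloud` destination value, and all profile and rule names are assumptions in a constructed sample; rules that reference a profile group instead of individual profiles are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout assumed to match a PAN-OS XML config export.
SAMPLE_CONFIG = """<config><devices><entry name="fw1"><vsys><entry name="vsys1">
<profiles><wildfire-analysis>
 <entry name="wf-all"><rules><entry name="r1"><analysis>public-cloud</analysis>
  <file-type><member>any</member></file-type></entry></rules></entry>
 <entry name="wf-appliance"><rules><entry name="r1"><analysis>private-cloud</analysis>
  <file-type><member>script</member><member>pe</member></file-type></entry></rules></entry>
 <entry name="wf-lnk-only"><rules><entry name="r1"><analysis>public-cloud</analysis>
  <file-type><member>pe</member><member>pdf</member></file-type></entry></rules></entry>
</wildfire-analysis></profiles>
<rulebase><security><rules>
 <entry name="inbound-mail"><profile-setting><profiles><wildfire-analysis>
  <member>wf-all</member></wildfire-analysis></profiles></profile-setting></entry>
 <entry name="dmz"><profile-setting><profiles><wildfire-analysis>
  <member>wf-appliance</member></wildfire-analysis></profiles></profile-setting></entry>
 <entry name="outbound-web"><profile-setting><profiles><wildfire-analysis>
  <member>wf-lnk-only</member></wildfire-analysis></profiles></profile-setting></entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

NEEDED = {"script": ".HTA", "pe": ".LNK"}  # file-type mapping stated on this page

def covered_types(profile):
    """File types from NEEDED that a profile forwards to the public cloud."""
    found = set()
    for rule in profile.findall("./rules/entry"):
        if rule.findtext("analysis") != "public-cloud":
            continue  # the WildFire appliance does not analyze HTA/LNK
        types = {m.text for m in rule.findall("./file-type/member")}
        found |= set(NEEDED) if "any" in types else types & set(NEEDED)
    return found

def audit(config_xml):
    """Return {security rule name: [HTA/LNK extensions it does not forward]}."""
    root = ET.fromstring(config_xml)
    profiles = {p.get("name"): covered_types(p)
                for p in root.findall(".//profiles/wildfire-analysis/entry")}
    gaps = {}
    for rule in root.findall(".//rulebase/security/rules/entry"):
        path = "./profile-setting/profiles/wildfire-analysis/member"
        have = set().union(*(profiles.get(m.text, set()) for m in rule.findall(path)))
        missing = sorted(ext for ftype, ext in NEEDED.items() if ftype not in have)
        if missing:
            gaps[rule.get("name")] = missing
    return gaps
```

On the sample, `audit(SAMPLE_CONFIG)` flags the `dmz` rule for both extensions because its profile forwards only to the appliance, and `outbound-web` for .HTA because its profile lists pe but not script.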

Submit script files directly to the WildFire public cloud for analysis from the WildFire portal as well as the WildFire API:
- Manually submit script files to the WildFire public cloud for analysis. You can then view the WildFire sample analysis report and verdict (malicious, grayware or benign) on the WildFire portal.
- Use the WildFire API to submit files to the WildFire public cloud. You can use the WildFire API to retrieve verdicts and analysis reports for the files. You can also specify script as the target analysis environment when you retrieve a packet capture through the WildFire API.