Answer is B. WildFire Virus is a sub-type of the AV signatures.
Data Filtering allowed the flash file but it was blocked by the AV signatures as a known WildFire Virus.
It is B. Type wildfire tells what the cached verdict is (malicious in this case, with an action of block). Type wildfire-virus tells what the antivirus engine actually did to the traffic.
URL profile action alert.
File Profile action alert.
AV and WildFire action Reset-both.
Policy Action Allow.
Content Inspection overrides the policy action, meaning the answer is B.
Based on the WildFire submission log provided, let's break down the sequence:
TYPE: end - The action is allow.
TYPE: wildfire - The action is block with a verdict: malicious.
TYPE: wildfire-virus - The action is reset-both.
TYPE: virus - The action is reset-both.
TYPE: file - The action is alert.
TYPE: url - The action is alert.
Key points:
The log shows multiple actions taken on the file.
The wildfire-virus entry has the action reset-both, which means the connection was reset, preventing the download from completing.
Although the initial end type has an action of allow, subsequent security measures like the reset-both action for the wildfire-virus and virus types indicate that the download was interrupted.
Given this, the correct answer is:
B. No, because the action for the wildfire-virus is "reset-both."
(A) maybe but I could be wrong. "did the end user successfully downloaded file?" - technically YES.
"It takes about 10 to 15 minutes to download the signature by WF dynamic update, no signature, no blocking" - per screenshot, the primary action is set to "allow". If no other means was used for mitigating this, then yes, the file was downloaded, then probably mitigated later after WF sends its update.
Answer is B.
Wildfire-virus is a subtype used for WildFire signatures delivered using the WildFire signature database, to differentiate them from regular anti-virus signatures. In short, AV signatures are identified using subtype virus. WildFire signatures are identified using subtype wildfire-virus.
Source: https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/td-p/63337