.exe, .msi, .app, .bat, .cmd, .vbs, .js, and .ps1 extensions are examples of what kind of files?

To use this feature, be sure to download and install the latest PAN-OS content release. PAN-OS Applications and Threats content release 8168 enables firewalls operating PAN-OS 8.1 and later to forward script files to the WildFire cloud for analysis. For more information about the update, refer to the Applications and Threat Content Release Notes.

Inhaltsverzeichnis Show

Most Popular
What is a batch file?
Batch file in Windows and other operating systems
Basic commands in batch files
Creating and saving a batch file

Script sample support has been expanded to include .bat (batch) files. As with all other currently supported script file types (JScript [.js], VBScript [.vbs], and PowerShell Script [.ps1], the WildFire public cloud can now analyze and classify batch files with verdicts using static and dynamic analysis. When a malicious batch file is discovered, the WildFire cloud generates and distributes C2 and DNS signatures to firewalls to prevent successful attacks. To ensure that you are protected from the latest threats, always keep your firewalls up-to-date with the latest content and software updates from Palo Alto Networks.

The WildFire appliance does not support batch file analysis at this time.
Only firewalls operating PAN-OS 8.1 and later can forward scripts to the WildFire public cloud.

To forward script files for analysis, the

WildFire Analysis Profile

on the firewall must be configured to forward the

script

file type or

Any

unknown files to the WildFire public cloud.

Enable file type forwarding.
1. Select
  Objects > Security Profiles > WildFire Analysis
  and
  Add
  or modify a profile to define traffic to forward for WildFire analysis.
2. Add or modify a profile rule, select
  file type
  , and set the rule to forward the new
  Any
  file type. You can also specify the
  script
  file type if you want to forward only scripts.
  Profile rules with the file type set to
  Any
  forward all file types for WildFire analysis.
3. Select Destination and set the profile rule to forward the files to the
  public-cloud
  .
4. Click
  OK
  to save the new or modified WildFire Analysis profile.
Attach the WildFire Analysis profile to a security policy rule—traffic matched to the policy rule is forwarded for WildFire Analysis.
1. Select
  Policies > Security
  and
  Add
  or modify a security policy rule.
2. Select
  Actions
  and set the
  Profile Type
  to
  Profiles
  .
3. Select the newly-created
  WildFire Analysis
  profile.
4. Click
  OK
  to save the security policy rule.
Select
Monitor > WildFire Submissions
to find WildFire verdicts and analysis reports for script files that have been submitted by the firewall.

You can submit script files directly to the WildFire public cloud for analysis from the WildFire portal as well as the WildFire API:

Manually submit script files to the WildFire public cloud for analysis. You can then view the WildFire sample analysis report and verdict (malicious, grayware or benign) on the WildFire portal.
Use the WildFire API to submit files to the WildFire public cloud. You can use the WildFire API to retrieve verdicts and analysis reports for the files. You can also specify script as the target analysis environment when you retrieve a packet capture through the WildFire API.

Most Popular

What is a batch file?

A batch file is a script file that stores commands to be executed in a serial order. It helps automate routine tasks without requiring user input or intervention. Some common applications of batch files include loading programs, running multiple processes or performing repetitive actions in a sequence in the system.

Also known as a batch job, a batch file is a text file created in Notepad or some other text editor. A batch file bundles or packages a set of commands into a single file in serial order. Without a batch file these commands would have to be presented one at a time to the system from a keyboard.

Usually, a batch file is created for command sequences when a user has a repetitive need. A command-line interpreter takes the file as an input and executes the commands in the given order. A batch file eliminates the need to retype commands, which saves the user time and helps to avoid mistakes. It is also useful to simplify complex processes.

Batch file in Windows and other operating systems

Microsoft's Windows operating system typically uses the .bat filename extension for batch files. However, other types of batch files are also available in Windows, including:

*.ini: Initialization file that sets default variables for the system and its programs
*.sys: System files
*.cfg: Configuration files
*.com: Executable command files for DOS commands

Batch files in Windows are also created using the .cmd or .btm file extensions.

The .bat extension also applies to batch file in the Disk Operating System (DOS). One of the best-known DOS batch files is Autoexec.bat that initializes DOS at system startup. In Unix operating systems a batch file is called a shell script.

To run typical commands, such as to modify system settings, start apps or launch a website, batch files can be run using command prompt. Tools like PowerShell and Bash (Bourne Again Shell) can be used to create advanced batch file scripts.

Basic commands in batch files

To create and execute a batch file, a user should understand the basic commands. Some popular basic commands include:

Echo: Echo allows the user to display messages and is usually on by default, but it can be turned off. When echo is on, users can view the characters entered on screen. When echo is off, input cannot be seen.

Title: This command changes the title text appearing on the top of the command window.
Rem: Rem statements are typically used to explain or comment on the code. They do not form a part of the code being executed.
Cls: The cls command clears the prompt screen.
Pause: The pause command stops the execution of the batch file. After running this command, the window stays open giving users the option of proceeding further or pausing between each task. If this command is not used, the window will close automatically when the script finishes executing.
Start "" [website]: This command uses the default browser to open a website as per the user's choice.
Ipconfig: The ipconfig command displays network information, e.g., MAC addresses, IP addresses and subnet
Ping: The ping command tests an IP address by sending out data packets and then gauging their location and latency.

Create advanced batch file scripts with PowerShell and Bash.

Creating and saving a batch file

A batch file is ideal for users who regularly open a particular website, create or rename files in bulk or check IP addresses using the ipconfig command. It automates these routine tasks, saving the user time and effort.

Here are steps to create a batch file:

Open Notepad or any text editor
Start with the @echo off command
Add these other commands, each one on a new line:

title [title of the batch script]
echo [first line]
pause

At this point, the file will look like this:

@echo off

title My first batch file

echo Congratulations and welcome to your first batch file!

pause

Once all commands are in, click on File and select the Save As option

Save the batch file with the .bat, .btm or .cmd extension. Put the entire file name in double quotes ("")

Double click the .bat file to run it and execute the commands
Right-click the .bat file and select Edit to edit it -- the file will open in Notepad (or other text editor application)

When naming a batch file, the user should not leave spaces because they can cause issues when the file is called from other scripts. It is also important not to use common batch file names, especially if those files are already available in the system, such as ping.cmd.