When a file is obfuscated, how does WildFire handle it?

Prepare for the Palo Alto PSE Strata Professional Test with comprehensive quiz tools and study materials. Enhance your knowledge with multiple choice questions and detailed explanations. Boost your confidence for the exam!

WildFire is designed to enhance security by analyzing suspicious files for potential threats. When a file is obfuscated, it is typically compressed, encrypted, or otherwise altered to hide its contents and evade detection by security mechanisms.

The correct answer is that WildFire decompresses and decrypts the file in memory before analyzing it. This lets the system examine the contents of the file without executing it in an unsafe manner or compromising the security of the environment. Handled this way, WildFire can uncover hidden malware, compromised scripts, or other malicious content that the obfuscation techniques would otherwise keep out of sight.

The other options do not accurately describe how WildFire handles obfuscated files. Ignoring the files would defeat the purpose of WildFire as a threat analysis service. Sending the files for external analysis might be a step, but it does not reflect the immediate processing capability built into WildFire. Automatically converting a file into a readable format overlooks the critical need for security precautions prior to full analysis, which is why decompressing and decrypting in memory is a vital feature for effective threat detection.
