How to set a File exception or disable WildFire Inline ML model

Created On 06/08/23 06:35 AM - Last Modified 04/17/24 10:04 AM


Environment


  • PAN-OS 10.0 or higher
  • Active WildFire License


Procedure


If your WildFire Analysis security profile is configured to forward the file types analyzed using WildFire Inline ML, false positives are automatically corrected as they are received.

If false positives are observed, the customer may set an exception to allow the trusted file. This is typically done when the WildFire Analysis Security Profile is not configured to forward files to WildFire for analysis. Below are 2 methods for setting an exception.

 

1. Add a File Exception to Antivirus Security Profile by specifying a file from the threat logs.

  • Navigate to Threat Logs and click the "magnifying glass" icon to view the Detailed Log, then click "Create Exception" for the Partial Hash of the specific file.
 
  • Alternatively, manually copy the Partial Hash and add it under Antivirus Profile (WildFire Inline ML tab).


 
2. If you need to temporarily disable the ML Model, you may do so by changing the setting to "alert-only (override more strict actions to alert)" or "disable (for all protocols)".

 

Note: If you continue to see ml-virus alerts for files that have been classified as benign by WildFire Analysis, please contact Palo Alto Networks Support.

     


    Additional Information


    Enable Advanced WildFire Inline ML

    Configure WildFire Inline ML

     


