How to test Antivirus' WildFire Inline ML detection
35713
Created On 04/20/21 23:22 PM - Last Modified 03/04/24 15:01 PM
Objective
Verify that the WildFire Inline ML detection for Antivirus is working properly.
Environment
- PAN-OS 10.0 or higher
- Active WildFire License
Procedure
1. Make sure that the "enable (inherit per-protocol actions)" setting is defined for the desired Machine Learning Model in the WildFire Inline ML tab of Antivirus profile.
2. Additionally, define the blocking actions per-protocol as needed under the WildFire Inline ML Actions column.
3. Once the configuration is applied, use "wildfire-test-pe-file.exe"totransit the file through your firewall and test the WildFire Inline ML detection.
Reference:
Test a Sample Malware File
Additional Information
The log type will be "ml-virus" and will be found under the Threat Logs with UTID 599800.