How to test Antivirus' WildFire Inline ML detection

How to test Antivirus' WildFire Inline ML detection

26787
Created On 04/20/21 23:22 PM - Last Modified 03/04/24 15:01 PM


Objective


Verify that the WildFire Inline ML detection for Antivirus is working properly.

Environment


  • PAN-OS 10.0 or higher
  • Active WildFire License

Procedure


1. Make sure that the "enable (inherit per-protocol actions)" setting is defined for the desired Machine Learning Model in the WildFire Inline ML tab of Antivirus profile.
Enable the relevant Inline ML detection modules that are desired

2. Additionally, define the blocking actions per-protocol as needed under the WildFire Inline ML Actions column.
Enable blocking actions in the WildFire Inline ML Actions column.

3. Once the configuration is applied, use "wildfire-test-pe-file.exe"totransit the file through your firewall and test the WildFire Inline ML detection.

Reference:
Test a Sample Malware File

 

Additional Information


The log type will be "ml-virus" and will be found under the Threat Logs with UTID 599800.
ml-virus detected with UTID 599800 
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sY4ZCAU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language