How to test Antivirus' WildFire Inline ML detection

39662
Created On 04/20/21 23:22 PM - Last Modified 04/22/25 03:53 AM


Objective


Verify that the WildFire Inline ML detection for Antivirus is working properly.

Environment


  • PAN-OS 10.0 or higher
  • Active WildFire License


Procedure


1. Make sure the "enable (inherit per-protocol actions)" setting is selected for each desired machine learning model in the WildFire Inline ML tab of the Antivirus profile. Inline ML only examines file types whose model is enabled; the test file used below is a Windows executable, so the Windows Executables model must be enabled for this test to produce a detection.
(Screenshot: the relevant Inline ML detection modules enabled in the Antivirus profile)

2. Additionally, set the per-protocol action (http, ftp, smtp, and so on) under the WILDFIRE INLINE ML ACTIONS column. Use a blocking action such as reset-both for the protocol you will test over; an action of alert still writes the Threat log entry but delivers the file.
(Screenshot: blocking actions set in the WildFire Inline ML Actions column)

 

3. The firewall can only inspect a file it sees in cleartext. If you download the test file from the WildFire cloud over HTTPS, temporarily disable the entries below in the SSL Decryption Exclusion list (Device > Certificate Management > SSL Decryption Exclusion) so that the download is decrypted and inspected, as described in the referenced document. A decryption policy rule must also cover the test client's traffic. Re-enable the entries once the test is complete.

  • *.wildfire.paloaltonetworks.com
  • wildfire.paloaltonetworks.com

Reference:
Test a Sample Malware File

 


4. Once the configuration is committed, download the test file "wildfire-test-pe-file.exe" through the firewall to exercise the WildFire Inline ML detection. With a blocking action configured, the download should be reset or replaced rather than delivered intact.




Additional Information


A successful detection produces a Threat log entry (Monitor > Logs > Threat) of type "ml-virus" with threat ID (UTID) 599800. Filter the Threat logs on that type or ID to confirm the hit; if the file arrived intact and no such entry exists, revisit the model, action, and decryption settings above.
(Screenshot: ml-virus entry with UTID 599800 in the Threat log)
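The following script is an added example, not code from this article or from Palo Alto Networks. It ties step 4 and the log check together: it classifies what a client sees when pulling the test file through the firewall, and it builds and parses a PAN-OS XML API Threat log query for ml-virus entries with UTID 599800. The test-file URL (publicapi/test/pe), the exact shape of the XML API responses, and the SAMPLE_* responses are assumptions constructed for illustration, not captured from a device.

```python
"""Check WildFire Inline ML Antivirus detection end to end.

Added example, not from the Palo Alto Networks article. Assumptions:
TEST_FILE_URL is the public WildFire test-file endpoint; the XML API log
query (type=log to enqueue, then action=get with the job id) follows the
documented PAN-OS shape; SAMPLE_* responses are constructed, not captured.
"""
import re
import urllib.parse
import xml.etree.ElementTree as ET

TEST_FILE_URL = "https://wildfire.paloaltonetworks.com/publicapi/test/pe"  # assumption
ML_VIRUS_UTID = 599800  # threat ID the article gives for ml-virus hits


def classify_download(status_code: int, body: bytes) -> str:
    """Classify what the client saw when fetching the test file.
    Inline ML acts on the file stream, so a passing test means the PE
    never arrives intact: the session is reset or a block page replaces it."""
    if status_code == 200 and body[:2] == b"MZ":
        return "delivered"       # intact PE header: Inline ML did NOT block
    if body.lstrip()[:1] == b"<" or status_code >= 400:
        return "blocked"         # block page / error instead of the file
    return "inconclusive"        # e.g. empty body; check the Threat log


def build_log_query(firewall: str, api_key: str, nlogs: int = 20) -> str:
    """URL that enqueues a Threat log query for ml-virus hits on the UTID."""
    query = f"(subtype eq ml-virus) and (threatid eq {ML_VIRUS_UTID})"
    params = {"type": "log", "log-type": "threat", "query": query,
              "nlogs": nlogs, "key": api_key}
    return f"https://{firewall}/api/?" + urllib.parse.urlencode(params)


def build_log_fetch(firewall: str, api_key: str, job_id: str) -> str:
    """URL that retrieves the results of a finished log query job."""
    params = {"type": "log", "action": "get", "job-id": job_id, "key": api_key}
    return f"https://{firewall}/api/?" + urllib.parse.urlencode(params)


def extract_job_id(xml_text: str) -> str:
    """Pull the job id out of the enqueue response."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("log query rejected: " + xml_text[:200])
    job = root.findtext("result/job")
    if not job or not job.strip():
        raise RuntimeError("no job id in response")
    return job.strip()


def ml_virus_entries(xml_text: str) -> list:
    """Return Threat log entries with subtype ml-virus and the expected UTID."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("log fetch failed: " + xml_text[:200])
    if root.findtext("result/job/status") != "FIN":
        raise RuntimeError("job not finished; fetch again")
    hits = []
    for entry in root.iter("entry"):
        threatid = entry.findtext("threatid", "")
        # the field renders as "<name>(<utid>)"; also accept a bare number
        m = re.search(r"\((\d+)\)\s*$", threatid)
        utid = int(m.group(1)) if m else (int(threatid) if threatid.isdigit() else None)
        if entry.findtext("subtype") == "ml-virus" and utid == ML_VIRUS_UTID:
            hits.append({"time": entry.findtext("receive_time"),
                         "src": entry.findtext("src"),
                         "dst": entry.findtext("dst"),
                         "action": entry.findtext("action")})
    return hits


# Constructed responses (RFC 5737 addresses; threat names are illustrative).
SAMPLE_ENQUEUE = ('<response status="success" code="19"><result>'
                  '<msg><line>query job enqueued with jobid 17</line></msg>'
                  '<job>17</job></result></response>')
SAMPLE_RESULT = (
    '<response status="success"><result><job><status>FIN</status><id>17</id></job>'
    '<log><logs count="2" progress="100">'
    '<entry logid="7000001"><receive_time>2021/04/20 23:22:01</receive_time>'
    '<type>THREAT</type><subtype>ml-virus</subtype><src>192.0.2.50</src>'
    '<dst>203.0.113.10</dst><app>web-browsing</app>'
    '<threatid>Windows Executable (EXE)(599800)</threatid>'
    '<action>reset-both</action></entry>'
    '<entry logid="7000002"><receive_time>2021/04/20 23:22:03</receive_time>'
    '<type>THREAT</type><subtype>vulnerability</subtype><src>192.0.2.51</src>'
    '<dst>203.0.113.11</dst><threatid>Example Signature(30001)</threatid>'
    '<action>alert</action></entry></logs></log></result></response>')


if __name__ == "__main__":
    import sys
    import urllib.request
    try:  # step 4 of the article: pull the test file through the firewall
        with urllib.request.urlopen(TEST_FILE_URL, timeout=30) as r:
            verdict = classify_download(r.status, r.read())
    except Exception as exc:  # reset-both surfaces as a transport error
        verdict = f"blocked ({type(exc).__name__})"
    print("download verdict:", verdict)
    if len(sys.argv) == 3:  # firewall host and API key on the command line
        print("enqueue query at:", build_log_query(sys.argv[1], sys.argv[2]))
    print("offline sample hits:", ml_virus_entries(SAMPLE_RESULT))
```

Run it from the test client (the one whose traffic the Antivirus profile and decryption policy cover) after the commit in step 4; a "delivered" verdict means the PE passed uninspected. Pass the firewall host and an API key as arguments to get the enqueue URL, fetch it, hand the response to extract_job_id, then fetch build_log_fetch and pass that response to ml_virus_entries; one or more hits with a reset or drop action confirm the detection.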
 


    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sY4ZCAU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail