How to test Antivirus' WildFire Inline ML detection

How to test Antivirus' WildFire Inline ML detection

23790
Created On 04/20/21 23:22 PM - Last Modified 01/31/24 07:42 AM


Objective


Verify that the WildFire Inline ML detection for Antivirus is working properly.

Environment


  • PAN-OS 10.0 or higher
  • Active WildFire License


Procedure


1. Make sure that the "enable (inherit per-protocol actions)" setting is defined for the desired Machine Learning Model in the WildFire Inline ML tab of Antivirus profile.
Enable the relevant Inline ML detection modules that are desired

2. Additionally, define the blocking actions per-protocol as needed under the WildFire Inline ML Actions column.
Enable blocking actions in the WildFire Inline ML Actions column.

3. Once the configuration is applied, use "wildfire-test-pe-file.exe"totransit the file through your firewall and test the WildFire Inline ML detection.

Reference:
​​​​​​​Test a Sample Malware File

 


Additional Information


The log type will be "ml-virus" and will be found under the Threat Logs with UTID 599800.
ml-virus detected with UTID 599800 
 


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sY4ZCAU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language