Threat name for "ml-virus" is different between WebGUI and exported csv log file.

Created On 06/29/22 03:14 AM - Last Modified 11/11/25 23:28 PM


Symptom


  • When "ml-virus" type is detected, WebGUI > Monitor > Threat page shows "Malicious Windows Executable" as threat name. 
  • If the threat log entry is exported in CSV format, "Machine Learning found virus" is shown instead, as below.
    Receive Time	Type	Threat/Content Type	Source address	Destination address	Session ID	URL/Filename	Threat/Content Name
    2022/04/27 11:28:02	THREAT	ml-virus	172.16.36.112	192.168.36.16	21	mlav-test-pe-file.exe	Machine Learning found virus(599800)
    2022/04/27 11:19:22	THREAT	ml-virus	172.16.36.112	192.168.36.16	19	mlav-test-pe-file.exe	Machine Learning found virus(599800)
    
     
  • Also, "Machine Learning found virus" is shown in the detailed view of that threat log in WebGUI.
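
For downstream tooling that consumes the exported CSV, the following added example (not from the original article or from Palo Alto Networks) groups exported threat rows by content type and the numeric ID in parentheses rather than by the name string, which differs between views. The comma-separated sample is constructed from the two rows above, and treating the ID as unchanged when the name string changes is an assumption.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample: the two rows shown above, written as comma-separated
# text with only the columns the article lists.
SAMPLE_EXPORT = """\
Receive Time,Type,Threat/Content Type,Source address,Destination address,Session ID,URL/Filename,Threat/Content Name
2022/04/27 11:28:02,THREAT,ml-virus,172.16.36.112,192.168.36.16,21,mlav-test-pe-file.exe,Machine Learning found virus(599800)
2022/04/27 11:19:22,THREAT,ml-virus,172.16.36.112,192.168.36.16,19,mlav-test-pe-file.exe,Machine Learning found virus(599800)
"""

# "Name(ID)" as it appears in the Threat/Content Name column.
NAME_ID = re.compile(r"^(?P<name>.*?)\s*\((?P<id>\d+)\)\s*$")


def split_name_id(field):
    """Return (name, threat_id); threat_id is None without a trailing "(digits)"."""
    m = NAME_ID.match(field.strip())
    if not m:
        return field.strip(), None
    return m.group("name"), int(m.group("id"))


def group_threats(export_text):
    """Group exported THREAT rows by (Threat/Content Type, threat ID).

    The name string is stored only as an attribute of the group, so rows
    exported as "Machine Learning found virus" and rows exported as
    "Malicious Windows Executable" fall into one group when the ID matches
    (assumption: the ID does not change when the name does).
    """
    groups = defaultdict(lambda: {"names": set(), "sessions": [], "files": set()})
    for row in csv.DictReader(io.StringIO(export_text)):
        if row.get("Type") != "THREAT":
            continue
        name, threat_id = split_name_id(row["Threat/Content Name"])
        key = (row["Threat/Content Type"], threat_id)
        groups[key]["names"].add(name)
        groups[key]["sessions"].append(row["Session ID"])
        groups[key]["files"].add(row["URL/Filename"])
    return dict(groups)


if __name__ == "__main__":
    for (ctype, tid), info in group_threats(SAMPLE_EXPORT).items():
        print(ctype, tid, sorted(info["names"]), info["sessions"])
```
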
 


Environment


  • PAN-OS 10.0 or later.
  • Firewall and Panorama platforms.


Cause


  • An unexpected value is used for the threat name in threat logs exported in CSV format. The behavior will be fixed in a future release.


Resolution


  • There is no workaround.
  • In a future release, "Malicious Windows Executable" will appear in both WebGUI and the exported CSV file.

