The Advanced WildFire inline ML option present in the Antivirus profile enables the firewall dataplane to apply machine learning on PE (portable executable), ELF (executable and linked format), MS Office files, OOXML, Mach-O, and PowerShell and shell scripts in real-time. This layer of antivirus protection complements the Advanced WildFire-based signatures to provide extended coverage for files of which signatures do not already exist. Each inline ML model dynamically detects malicious files of a specific type by evaluating file details, including decoder fields and patterns, to formulate a high probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics that Palo Alto Networks has identified as malicious. To keep up with the latest changes in the threat landscape, inline ML models are added or updated via content releases. Before you can enable Advanced WildFire inline ML, you must possess an active Advanced WildFire or standard WildFire subscription.

Inline ML-based protection can also be enabled to detect malicious URLs in real-time as part of your URL Filtering configuration.