Create a new WildFire and Antivirus security profile, or update an existing one,
to use the real-time WildFire inline ML models.
Select an existing WildFire and Antivirus security profile or create a new
one (select Manage > Configuration > NGFW and Prisma Access > Security Services > WildFire and Antivirus and Add Profile).
Select WildFire Inline Machine Learning Models and
apply an Action Setting for each WildFire
Inline ML model. This enforces the WildFire Inline ML Actions settings
configured for each protocol on a per model basis.
The following classification engines are available:
Windows Executables
PowerShell Scripts 1
PowerShell Scripts 2
Executable Linked Format
MSOffice
Shell Scripts
enable—WildFire
inspects traffic according to your selections in the WildFire Inline
ML Action column in the decoders section of the Action tab.
enable(alert-only)—WildFire inspects traffic according
to your selections in the WildFire Inline ML Action column in the
decoders section of the Action tab and overrides
any action with a severity level higher than alert (drop, reset-client, reset-server, reset-both) with alert,
which allows traffic to pass while still generating and saving an alert
in the threat logs.
disable—WildFire allows traffic to pass without any
policy action.
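The three settings above can be checked against a profile to see which model and decoder combinations will not block a flagged file. This is an added example, not Palo Alto Networks code: the dictionary layout, the decoder names (http, smtp), the "allow" result label, and the choice to treat a model missing from the profile as disable are assumptions made for the audit.

```python
# Added example: models the per-model settings described above.
# The dict layout is a constructed stand-in, not a vendor export format.

MODELS = [
    "Windows Executables", "PowerShell Scripts 1", "PowerShell Scripts 2",
    "Executable Linked Format", "MSOffice", "Shell Scripts",
]
# Actions the page lists as more severe than alert.
BLOCKING = {"drop", "reset-client", "reset-server", "reset-both"}


def effective_action(model_setting, decoder_action):
    """Resolve what happens to a file the inline ML model flags."""
    if model_setting == "disable":
        return "allow"  # traffic passes without any policy action
    if model_setting == "enable(alert-only)":
        # Anything more severe than alert is overridden with alert.
        return "alert" if decoder_action in BLOCKING else decoder_action
    if model_setting == "enable":
        return decoder_action  # the decoder's WildFire Inline ML Action applies
    raise ValueError(f"unknown model setting: {model_setting!r}")


def audit(profile):
    """Return (model, decoder, effective action) for every pair that does not block."""
    findings = []
    for model in MODELS:
        # Assumption for this audit only: a missing model is treated as disable.
        setting = profile["models"].get(model, "disable")
        for decoder, action in sorted(profile["decoders"].items()):
            result = effective_action(setting, action)
            if result not in BLOCKING:
                findings.append((model, decoder, result))
    return findings


# Constructed sample profile ("Shell Scripts" is deliberately left out).
SAMPLE = {
    "models": {
        "Windows Executables": "enable",
        "PowerShell Scripts 1": "enable(alert-only)",
        "PowerShell Scripts 2": "enable",
        "Executable Linked Format": "enable",
        "MSOffice": "disable",
    },
    "decoders": {"http": "reset-both", "smtp": "alert"},
}

if __name__ == "__main__":
    for model, decoder, result in audit(SAMPLE):
        print(f"{model:26} {decoder:5} -> {result}")
```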
(Optional) Add file exceptions to your WildFire
and Antivirus security profile if you encounter false positives.
This is typically done for users who are not forwarding files to
WildFire for analysis. You can add the file exception details directly
to the exception list or by specifying a file from the threat logs.
If your WildFire Analysis security profile is configured
to forward the file types analyzed using WildFire inline ML, false positives are
automatically corrected as they are received. If you continue to
see ml-virus alerts for files that have been classified as benign
by WildFire Analysis, please contact Palo Alto Networks Support.
Add file exceptions directly to the exception list.
Select Advanced Settings and Add
Exception in the File Exceptions pane.
Add the hash, filename, and description of the file that
you want to exclude from enforcement.