WildFire Inline ML
The WildFire inline ML option present
in the Antivirus profile enables the firewall dataplane to apply
machine learning on PE (portable executable), ELF (executable and
linked format) and MS Office files, and PowerShell and shell scripts
in real-time. This layer of antivirus protection complements the
WildFire-based signatures to provide extended coverage for files
of which signatures do not already exist. Each inline ML model dynamically
detects malicious files of a specific type by evaluating file details,
including decoder fields and patterns, to formulate a high probability
classification of a file. This protection extends to currently unknown
as well as future variants of threats that match characteristics
that Palo Alto Networks has identified as malicious. To keep up
with the latest changes in the threat landscape, inline ML models
are added or updated via content releases. Before you can enable
WildFire inline ML, you must possess an active WildFire subscription.
Inline ML-based protection can also be enabled to detect malicious
URLs in real-time as part of your URL Filtering configuration. For
more information, refer to:
URL Filtering Inline ML
WildFire inline ML is not supported on the VM-50 or VM50L
virtual appliance.