6.21 Ensure that 'Wildfire Inline ML' on antivirus profiles are set to enable for all file types

Information

Configure 'Wildfire Inline ML' on antivirus profiles to a value of 'enable' for all file types.

Rationale:

Starting with PAN-OS 10, Wildfire supports real-time detection and blocking. As more attacks are designed to bypass signature-based protection, real-time signatureless protection is needed. With this functionality, file types commonly used for malware delivery, such as Windows Executables, PowerShell Script, MSOffice, Shell, and Executable Linked Format (ELF), can be inspected using Wildfire, and malicious files are blocked in real time.

Solution

Navigate to Objects > Security Profiles > Antivirus.
Go to the Wildfire Inline ML tab. Under Action Setting, set every Model to enable (inherit per-protocol actions).

Default Value:

Not Configured
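
An added example, not part of the benchmark or of the audit plugin, that checks an exported configuration for this setting offline, including profiles left at the default. It assumes the antivirus profile XML uses the element names `mlav-engine-filebased-enabled` and `mlav-policy-action`; the sample configuration and profile names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export (not from a real device).
# Assumption: element names and the profiles/virus location follow the
# PAN-OS 10 configuration XML; adjust if your export differs.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><virus>
  <entry name="AV-Strict">
    <mlav-engine-filebased-enabled>
      <entry name="Windows Executables"><mlav-policy-action>enable</mlav-policy-action></entry>
      <entry name="MSOffice"><mlav-policy-action>enable</mlav-policy-action></entry>
    </mlav-engine-filebased-enabled>
  </entry>
  <entry name="AV-AlertOnly">
    <mlav-engine-filebased-enabled>
      <entry name="Windows Executables"><mlav-policy-action>enable(alert-only)</mlav-policy-action></entry>
      <entry name="Shell"><mlav-policy-action>disable</mlav-policy-action></entry>
    </mlav-engine-filebased-enabled>
  </entry>
  <entry name="AV-Default"/>
</virus></profiles>
</entry></vsys></entry></devices></config>
"""

def audit_inline_ml(config_xml):
    """Return {profile name: [findings]} for antivirus profiles that fail."""
    failures = {}
    root = ET.fromstring(config_xml.strip())
    # Matches vsys-level and shared antivirus profiles alike.
    for profile in root.iterfind(".//profiles/virus/entry"):
        models = profile.findall("mlav-engine-filebased-enabled/entry")
        if not models:
            # Default state: the Inline ML section is absent from the profile.
            findings = ["Wildfire Inline ML not configured"]
        else:
            # Only the exact action "enable" passes; alert-only and disable fail.
            findings = [
                f"{m.get('name')}: {m.findtext('mlav-policy-action', default='unset')}"
                for m in models
                if m.findtext("mlav-policy-action", default="unset") != "enable"
            ]
        if findings:
            failures[profile.get("name")] = findings
    return failures

if __name__ == "__main__":
    for name, findings in audit_inline_ml(SAMPLE_CONFIG).items():
        print(f"FAIL {name}: {'; '.join(findings)}")
```

The check only evaluates models present in the profile; it does not verify that the profile is attached to a security rule.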

See Also

https://workbench.cisecurity.org/benchmarks/17915

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.3

Plugin: Palo_Alto

Control ID: 9754461595da2fe95e71acfbc17d21fdc92459a2f0826f9b47b33efbc402eba7