https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552234#M112380 <P>Thanks for the suggestion. I'll see where they may be a place that is appropriate but I can't think off hand right now where there would be a place for it that traffic would ever reach since anything valid (outside of intrazone) would hit other rules above it.&nbsp; Perhaps I can also place a rule above somewhere with a very limited scope to see how it fairs before a wider application.</P> Wed, 02 Aug 2023 16:43:26 GMT TonyDeHart 2023-08-02T16:43:26Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552125#M112367 <P>We currently have the ability to use WildFire Inline ML via the Antivirus Profile settings on our PA-5220's.&nbsp; However, all models currently are set to ACTION = DISABLE. I do NOT know why other than either that is what it defaulted to on a previous upgrade or my predecessor had a reason to leave it off.</P> <P>&nbsp;</P> <P>What is the best approach to activating this without potentially causing issues with false positives but NOT leaving us more vulnerable while we turn it up?</P> <P>&nbsp;</P> <P>I assume setting the action to ALERT-ONLY (override more strict actions to alert) would be the option to choose but the I'm concerned by it overriding more strict options it is effectively going to turn OFF scanning/analysis that is already in effect.</P> <P>&nbsp;</P> <P>I'd appreciate any insight from others with more experience.</P> <P>&nbsp;</P> <P>Thank you.</P> <P>&nbsp;</P> Tue, 01 Aug 2023 18:55:22 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552125#M112367 TonyDeHart 2023-08-01T18:55:22Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552225#M112379 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/272860">@TonyDeHart</a>&nbsp;,</P> <P>&nbsp;</P> <P>The Advanced Wildfire Inline ML compliments your Threat Prevention License with basic Wildfire capabilities. Using the Wildfire Inline ML will not turn off scanning/analysis in security profiles that are attached to existing security policies.&nbsp;</P> <P>&nbsp;</P> <P>Consider creating and placing your alert-only Wildfire Inline ML enhanced security policies below your existing security policies in select zones where you are able to test and monitor the new capability in your environment.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 02 Aug 2023 16:21:28 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552225#M112379 JayGolf 2023-08-02T16:21:28Z https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552234#M112380 <P>Thanks for the suggestion. I'll see where they may be a place that is appropriate but I can't think off hand right now where there would be a place for it that traffic would ever reach since anything valid (outside of intrazone) would hit other rules above it.&nbsp; Perhaps I can also place a rule above somewhere with a very limited scope to see how it fairs before a wider application.</P> Wed, 02 Aug 2023 16:43:26 GMT https://live.paloaltonetworks.com/t5/general-topics/antivirus-profile-wildfire-inline-ml-best-approach-to-enabling/m-p/552234#M112380 TonyDeHart 2023-08-02T16:43:26Z