09-11-2025 12:30 PM
We have a file (Filex.exe) that is throwing blocks of the following type
| Threat Type | Threat ID/Name | ID |
|---|---|---|
| wildfire-virus | trojan/Win32 EXE.crypt.aexg | 213019932 (View in Threat Vault) |
How do I exclude this file from alerting? I went into Object > Security Objects > Antivirus > the profile > WildFire Inline ML, and I added the file name and partial hash (not sure I fully understand partial hash. I used the first 31 characters of the sha256). We are still getting alerts for this file though.
Any ideas?
09-12-2025 01:18 AM
Hi @Verac22 ,
It looks like the threat type is identified as "wildfire-virus" and not as "ml-virus".
There's a nuance in both of these threat types as far as I know:
- The wildfire-virus threat type comes from a verdict issued by the WildFire cloud analysis. This is a definitive, file-based verdict.
- The ml-virus threat type comes from the inline machine learning engine on the firewall.
The exception you created on the WildFire Inline ML page only applies to detections made by the inline engine (ml-virus threats). Since the file was categorized as a wildfire-virus by the cloud, the local exception was bypassed.
Here's the KB talking about it:
How to set a File exception or disable WildFire Inline ML model (ml-virus threat types)
Kind regards,
-Kim.