The Advanced WildFire cloud operates a series of inline cloud ML-based
detection engines to analyze PE (portable executable) samples traversing through your
network to detect and prevent unknown malware in real-time. This allows the Advanced
WildFire cloud service to detect never-before seen malware (that does not have an
existing WildFire signature or is detectable through the local
Advanced WildFire inline cloud ML detectors)
and block it from infecting the client. This includes scenarios where certain types of
malware that have been previously unseen in the wild, and are not intercepted by
Advanced WildFire Inline ML, can proceed unhindered because the file was not seen
recently enough for its signature to be present on the firewall due to signature age-out
or signature database capacity limits. Newly defined malicious files will be blocked in
subsequent encounters by the firewall as the signature has become part of the current
set, however, that occurs after a malicious file is analyzed by the WildFire cloud.