Configurable Compressed File Level Inspection for Advanced WildFire


Modify the Advanced WildFire compressed file level inspection on Prisma Access.
Attackers frequently hide malicious payloads deep within nested compressed files to evade standard security scanning tools that only inspect initial layers. To combat this evasive technique and strengthen your protection against advanced threats, the ability to inspect deeply compressed content has been expanded to include Prisma Access.
This feature increases the depth to which Prisma Access can decode encoded or compressed files, such as those using the ZIP format, from the default four levels up to a maximum of seven levels. Once decoded, the system automatically inspects the internal file and forwards unknown files for Advanced WildFire® analysis. This ensures that threats concealed within seven layers of compression are fully revealed and blocked by your security policies.
Because enabling higher compression depths can significantly impact performance, adjustments to the default depth should be closely monitored to ensure system stability. If your security requirements necessitate increasing the decoding depth beyond the default four levels, Palo Alto Networks recommends incrementally increasing the compressed file level inspection, starting with the minimum value that meets the security requirements for inspecting compressed files.
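An added illustration (not Palo Alto Networks code, and not a description of how Prisma Access implements decoding): a depth-limited ZIP walker that shows which content a scanner reaches at the default of four levels versus the maximum of seven, and what is left undecoded. The level-counting convention, the `wrap` and `inspect` helpers, the per-member size cap, and the sample archive are assumptions constructed for this example.

```python
import io
import zipfile

DEFAULT_LEVELS, MAX_LEVELS = 4, 7  # default and maximum depth stated on this page

def wrap(payload: bytes, name: str, layers: int) -> bytes:
    """Constructed sample: wrap a harmless payload in `layers` ZIP layers."""
    data = payload
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name if i == 0 else f"layer{i}.zip", data)
        data = buf.getvalue()
    return data

def inspect(data: bytes, max_levels: int, max_member_bytes: int = 1 << 20):
    """Peel ZIP layers up to max_levels.

    Returns (inspected, undecoded): files reached for scanning, and blobs left
    undecoded because the depth or size budget ran out. Entries are (path, level).
    """
    inspected, undecoded = [], []
    stack = [(data, 0, "<root>")]
    while stack:  # iterative walk, so nesting depth cannot exhaust recursion
        blob, level, path = stack.pop()
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            inspected.append((path, level))   # leaf file: hand to the scanner
            continue
        if level >= max_levels:
            undecoded.append((path, level))   # still an archive, budget spent
            continue
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{path}/{info.filename}"
                with zf.open(info) as fh:     # bounded read caps work per member
                    inner = fh.read(max_member_bytes + 1)
                if len(inner) > max_member_bytes:
                    undecoded.append((member, level + 1))
                else:
                    stack.append((inner, level + 1, member))
    return inspected, undecoded

if __name__ == "__main__":
    sample = wrap(b"constructed sample content", "doc.txt", layers=5)
    for limit in (DEFAULT_LEVELS, MAX_LEVELS):
        print(limit, inspect(sample, limit))
```

A non-empty `undecoded` list is the signal worth tracking when tuning the depth: it marks content that passed through without inspection, while each extra level adds another decompression pass per file.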
Update:
Firewall support added in PAN-OS 11.0.
Prisma Access support added in the Prisma Access 6.1.0 release.
To enable configuration for compressed file level inspection, reach out to your Palo Alto Networks account team.