Inline Prevention of AI-Generated Malware with Prisma® Access Explicit Proxy and Advanced WildFire

Enable WildFire inline inspection of files downloaded through Explicit Proxy to block malware before it reaches user endpoints.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
If you'd like to use this feature in your Prisma Access environment, get in touch with your account team to learn more.
What Do I Need?
  • Prisma Access license
  • Mobile user license
The explicit proxy inline prevention of AI-generated malware feature provides inline cloud analysis of the pre-defined file types, at larger file sizes, within explicit proxy traffic. It prevents advanced malware threats by addressing evasion techniques such as those used by AI-generated malware.
Attackers are increasingly using AI to produce unique, polymorphic malware variants that evade traditional signature- and hash-based defenses. Effective protection has to stop each variant inline, within seconds, even though no two samples share a hash, and without degrading the user experience. Prisma Access explicit proxy with Advanced WildFire blocks threats inline, before the malware reaches a user's device. It uses Advanced WildFire's Code Genome technology to create resilient fingerprints that capture the malware's true intent, enabling rapid detection and prevention of large volumes of unique AI-generated malware.
A low-latency cloud architecture provides inline prevention of such malware, including patient-zero infections, without impacting the user experience. Protection covers all common file types, including documents (PDF, Microsoft Office), scripts (PowerShell, JavaScript), executables, and archives, for files up to 100 MB.

Inline Prevention of AI-Generated Malware with Prisma® Access Explicit Proxy and Advanced WildFire (Strata Cloud Manager)

Configure Advanced File Handling in Strata Cloud Manager to enable WildFire inline inspection of files downloaded through Explicit Proxy.
  1. Configure the maximum latency for your WildFire Profile.
    1. Create a WildFire profile.
    2. Go to Configuration > NGFW and Prisma Access, set the Configuration Scope to Prisma Access, then select Device > Device.
    3. Select the Device tab, then select Content-ID.
    4. In the WildFire Inline Cloud Analysis section, configure the following settings:
      • Max Latency (ms) — Enter the maximum time, in milliseconds, to wait for a WildFire verdict before the max latency action is applied. Set Max Latency to 30 seconds (30000 ms).
      • Allow on Max Latency — Enable to allow files through when a verdict is not received within the max latency period (fail-open). Disable to block files when the verdict is not received in time (fail-closed). With fail-open, a slow or unreachable analysis service lets unscanned files reach the endpoint, so pair it with Log Traffic Not Scanned so those cases are visible.
      • Log Traffic Not Scanned — Enable to generate log entries for files that the inspection pipeline does not analyze.
    5. Save to save the configuration changes.
  2. Enable inline cloud analysis.
    1. With the Configuration Scope set to Explicit Proxy, go to Security Services > WildFire and Antivirus Profile.
    2. Add a new profile or edit an existing WildFire profile.
    3. Enable Inline Cloud Analysis. This activates the feature's core functionality.
    4. Attach your WildFire Profile to a Profile Group. Profile groups apply security profiles consistently across multiple security policies.
    5. Attach your WildFire Profile to a Security Policy. This defines which traffic is subject to advanced file handling. For Agent proxies, select specific users to enable the feature.
    6. Save to apply the configuration changes.
  3. Enable Advanced File Handling.
    1. Go to Configuration > NGFW and Prisma Access, set the Configuration Scope to Explicit Proxy, and select Setup.
    2. On the Setup tab, select Set Up Advanced Security Settings.
    3. Select the Enable Advanced File Handling checkbox to enable extended malware analysis to improve zero-day prevention.
    4. Save and Push Config to deploy your changes.
  4. Check your threat logs in Strata Cloud Manager.
    1. In Strata Cloud Manager, go to Log Viewer.
    2. Select Network/Threat logs.
    3. Look for log entries with subtype inline_wildfire and threat name malware that correspond to your test downloads through the proxy. These entries confirm that the malicious files were blocked.
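The following is an added example, not Palo Alto Networks code. It models the three WildFire Inline Cloud Analysis settings from step 1 (Max Latency, Allow on Max Latency, Log Traffic Not Scanned) as a decision function, and runs the step 4 check over a constructed threat-log export. The event labels and the CSV column names (subtype, threat_name, file_name, action, src_user) are assumptions chosen for the example and do not reproduce the exact PAN-OS threat-log field order.

```python
"""Added example (not Palo Alto Networks code): a model of the WildFire
Inline Cloud Analysis max-latency settings, plus a triage pass over a
constructed threat-log export.

Assumptions: the event labels and the CSV column names below are chosen
for this example and do not reproduce the exact PAN-OS threat-log layout."""
import csv
import io
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class InlineAnalysisSettings:
    max_latency_ms: int = 30000           # 30 seconds, as the page recommends
    allow_on_max_latency: bool = False    # False = fail-closed (block on timeout)
    log_traffic_not_scanned: bool = True  # log files the pipeline did not analyze


def decide(verdict: Optional[str], elapsed_ms: int,
           settings: InlineAnalysisSettings) -> tuple:
    """Return (action, log_event) for one downloaded file.

    verdict is 'malware', 'benign', or None when no verdict arrived.
    A verdict that arrives after max_latency_ms is treated as missing,
    because the proxy has already applied the max-latency action."""
    if verdict is not None and elapsed_ms <= settings.max_latency_ms:
        action = "block" if verdict == "malware" else "allow"
        return action, "inline_wildfire"
    # No usable verdict: fail-open or fail-closed per Allow on Max Latency.
    action = "allow" if settings.allow_on_max_latency else "block"
    event = "not_scanned" if settings.log_traffic_not_scanned else None
    return action, event


# Constructed threat-log export; only the fields this example uses.
SAMPLE_THREAT_LOG = """\
time,subtype,threat_name,file_name,action,src_user
2024-05-01T10:00:01,inline_wildfire,malware,invoice.pdf,block,alice
2024-05-01T10:00:05,vulnerability,brute-force,-,alert,bob
2024-05-01T10:01:12,inline_wildfire,malware,update.exe,block,carol
2024-05-01T10:02:40,inline_wildfire,malware,report.docx,allow,alice
"""


def parse_threat_log(csv_text: str) -> list:
    """Parse a CSV export with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def inline_wildfire_blocks(rows: list) -> list:
    """File names whose entries confirm inline WildFire blocked them."""
    return [r["file_name"] for r in rows
            if r["subtype"] == "inline_wildfire"
            and r["threat_name"] == "malware"
            and r["action"] == "block"]


def inline_wildfire_allowed(rows: list) -> list:
    """Malware verdicts that were not blocked; these need review, since
    a malware verdict that is allowed means the file reached the user."""
    return [r["file_name"] for r in rows
            if r["subtype"] == "inline_wildfire"
            and r["threat_name"] == "malware"
            and r["action"] != "block"]


if __name__ == "__main__":
    rows = parse_threat_log(SAMPLE_THREAT_LOG)
    print("blocked:", inline_wildfire_blocks(rows))
    print("review:", inline_wildfire_allowed(rows))
    print("timeout, fail-closed:", decide(None, 31000, InlineAnalysisSettings()))
    print("timeout, fail-open:",
          decide(None, 31000, InlineAnalysisSettings(allow_on_max_latency=True)))
```

The decision function makes the trade-off explicit: with Allow on Max Latency enabled, a late or missing verdict lets the file through, and only Log Traffic Not Scanned leaves a record of it; with it disabled, the same timeout blocks the download. The triage pass separates the confirming entries from the ones that deserve a second look.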

Inline Prevention of AI-Generated Malware with Prisma® Access Explicit Proxy and Advanced WildFire (Panorama)

Configure Advanced File Handling in Panorama to enable WildFire inline inspection of files downloaded through Explicit Proxy.
  1. Configure the maximum latency for your WildFire Profile.
    1. Create a WildFire profile.
    2. On Panorama, go to Templates > Device > Content-ID, and select the settings icon of WildFire Inline Cloud Analysis.
    3. In the WildFire Inline Cloud Analysis section, configure the following settings:
      • Max Latency (ms) — Enter the maximum time, in milliseconds, to wait for a WildFire verdict before the max latency action is applied. Set Max Latency to 30 seconds (30000 ms).
      • Allow on Max Latency — Enable to allow files through when a verdict is not received within the max latency period (fail-open). Disable to block files when the verdict is not received in time (fail-closed). With fail-open, a slow or unreachable analysis service lets unscanned files reach the endpoint, so pair it with Log Traffic Not Scanned so those cases are visible.
      • Log Traffic Not Scanned — Enable to generate log entries for files that the inspection pipeline does not analyze.
    4. Select OK to save the configuration.
  2. Enable inline cloud analysis.
    1. Go to Objects > Security Profiles > WildFire Analysis with the Device Group set to Explicit_Proxy_Device_Group.
    2. Add a new profile or edit an existing one.
    3. Select your WildFire Profile, open the Inline Cloud Analysis tab, and select Enable cloud inline analysis. This activates the feature's core functionality. Configure the inline WildFire profile and select OK.
    4. Attach your WildFire Profile to a Profile Group. Profile groups apply security profiles consistently across multiple security policies.
    5. Attach your WildFire Profile to a Security Policy. This defines which traffic is subject to advanced file handling. For Agent proxies, select specific users to enable the feature.
    6. Save to apply the configuration changes.
  3. Enable Advanced File Handling.
    1. On Panorama, go to Cloud Services > Configuration > Mobile Users - Explicit Proxy, and then select the settings icon.
    2. Select the Advanced tab.
    3. Select the Enable Advanced File Handling checkbox to enable extended malware analysis, which improves zero-day prevention, and select OK.
    4. Commit and Push to Explicit_Proxy_Device_Group.
  4. Check your threat logs in Panorama.