Inline Prevention of AI-Generated Malware with Prisma® Access Explicit Proxy and Advanced WildFire (Strata Cloud Manager)

Configure Advanced File Handling in Strata Cloud Manager to enable WildFire inline inspection of files downloaded through Explicit Proxy.
  1. Configure the maximum latency for your WildFire Profile.
    1. Create a WildFire profile.
    2. Go to Configuration > NGFW and Prisma Access, set the Configuration Scope to Prisma Access, then select Device > Device.
    3. Select the Device tab, then select Content-ID.
    4. In the WildFire Inline Cloud Analysis section, configure the following settings:
      • Max Latency (ms) — Enter the maximum time, in milliseconds, to wait for a WildFire verdict before applying the max latency action. Set Max Latency to 30000 ms (30 seconds).
      • Allow on Max Latency — Enable to allow files through when a verdict is not received within the max latency period. Disable to block files when the verdict is not received in time (fail-closed).
      • Log Traffic Not Scanned — Enable to generate log entries for files that the inspection pipeline does not analyze.
    5. Save the configuration changes.
  2. Enable inline cloud analysis.
    1. With the Configuration Scope set to Explicit Proxy, go to Security Services > WildFire and Antivirus Profile, and select your WildFire profile.
    2. Add a new profile or edit an existing one.
    3. Enable Inline Cloud Analysis. This activates the feature's core functionality.
    4. Attach your WildFire Profile to a Profile Group. Profile groups apply security profiles consistently across multiple security policies.
    5. Attach your WildFire Profile to a Security Policy. This defines which traffic is subject to advanced file handling. For Agent proxies, select specific users to enable the feature.
    6. Save to apply the configuration changes.
  3. Enable Advanced File Handling.
    1. Go to Configuration > NGFW and Prisma Access, set the Configuration Scope to Explicit Proxy and select Setup.
    2. On the Setup tab, select Set Up Advanced Security Settings.
    3. Select the Enable Advanced File Handling checkbox to enable extended malware analysis to improve zero-day prevention.
    4. Save and Push Config to deploy your changes.
  4. Check your threat logs in Strata Cloud Manager.
    1. In Strata Cloud Manager, go to Log Viewer.
    2. Select Network/Threat logs.
    3. Look for log subtype inline_wildfire and threat name malware corresponding to your simulated downloads. These entries confirm that your system successfully blocked the malicious files.
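
One way to script the check in step 4 against an exported copy of the threat logs. This is an added example, not Palo Alto Networks code; the CSV layout, the column names (`subtype`, `threat_name`, `file_name`) and the test file names are assumptions, so adjust them to match your actual export.

```python
import csv
import io

# Assumed column names for this example; not the product's export schema.
REQUIRED_COLUMNS = {"subtype", "threat_name", "file_name"}

# Constructed sample export, embedded so the example runs offline.
SAMPLE_EXPORT = """time,subtype,threat_name,file_name
2024-01-01T10:00:01Z,inline_wildfire,malware,test-sample-1.exe
2024-01-01T10:00:09Z,vulnerability,example-signature,index.html
2024-01-01T10:01:30Z,Inline_WildFire,Malware,test-sample-2.dll
"""


def inline_wildfire_hits(export_text):
    """Return the file names that have an inline_wildfire / malware entry."""
    reader = csv.DictReader(io.StringIO(export_text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    hits = set()
    for row in reader:
        subtype = (row["subtype"] or "").strip().lower()
        threat = (row["threat_name"] or "").strip().lower()
        if subtype == "inline_wildfire" and threat == "malware":
            hits.add((row["file_name"] or "").strip())
    return hits


def check_simulated_downloads(export_text, expected_files):
    """Map each simulated download to True if a matching log entry exists."""
    hits = inline_wildfire_hits(export_text)
    return {name: name in hits for name in expected_files}


def missing_detections(export_text, expected_files):
    """List simulated downloads that produced no inline_wildfire entry."""
    results = check_simulated_downloads(export_text, expected_files)
    return sorted(name for name, found in results.items() if not found)


if __name__ == "__main__":
    # Hypothetical names of the files downloaded during the test.
    tested = ["test-sample-1.exe", "test-sample-2.dll", "test-sample-3.zip"]
    for name, found in check_simulated_downloads(SAMPLE_EXPORT, tested).items():
        print(f"{name}: {'logged' if found else 'NO inline_wildfire entry'}")
```

A simulated download that shows up as missing is worth checking against the Max Latency, Allow on Max Latency, and Log Traffic Not Scanned settings from step 1.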