A protection application detects and remediates malicious files on a client. The protection application trains models using known samples of static clean files, and the models characterize features of the clean files. A model may be selected based on metadata obtained from a target file. By processing features of the clean files and features of the target file, the model may generate an anomaly score indicating a level of dissimilarity between the target file and the sample. The protection application compares the anomaly score to one or more threshold scores to classify the target file. Additionally, the target file may be provided to a security server to check against a whitelist or blacklist for classification. Responsive to a classification as malicious, the protection application remediates the target file on the client.