https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/memory-corruption-exploit-alerts-incidents/m-p/440150#M1137 <P>Hello LiveCommunity, I wondered if any others are seeing a very high number of recently created (in the last few hours) "Memory Corruption Exploit" alerts in Cortex XDR?<BR /><BR />Beginning around 1015 Pacific this morning (11 Oct) thru as recent at 1518 Pacific, 11 Oct there has been numerous alerts fired across many different Workstations</P><P>&nbsp;</P><P>Seeing many different Initiator Paths such as:<BR />C:\Windows\System32\spoolsv.exe</P><P>C:\Program Files\Google\Chrome\Application\chrome.exe</P><P>C:\Windows\System32\RuntimeBroker.exe</P><P>C:\Program Files (x86)\Internet Explorer\iexplore.exe</P><P>&nbsp;</P><P>I thought perhaps it was a Content update, but does not look like there has been a new content update since sometime last week.</P><P>&nbsp;</P> Mon, 11 Oct 2021 22:37:41 GMT KRisselada 2021-10-11T22:37:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/memory-corruption-exploit-alerts-incidents/m-p/440150#M1137 <P>Hello LiveCommunity, I wondered if any others are seeing a very high number of recently created (in the last few hours) "Memory Corruption Exploit" alerts in Cortex XDR?<BR /><BR />Beginning around 1015 Pacific this morning (11 Oct) thru as recent at 1518 Pacific, 11 Oct there has been numerous alerts fired across many different Workstations</P><P>&nbsp;</P><P>Seeing many different Initiator Paths such as:<BR />C:\Windows\System32\spoolsv.exe</P><P>C:\Program Files\Google\Chrome\Application\chrome.exe</P><P>C:\Windows\System32\RuntimeBroker.exe</P><P>C:\Program Files (x86)\Internet Explorer\iexplore.exe</P><P>&nbsp;</P><P>I thought perhaps it was a Content update, but does not look like there has been a new content update since sometime last week.</P><P>&nbsp;</P> Mon, 11 Oct 2021 22:37:41 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/memory-corruption-exploit-alerts-incidents/m-p/440150#M1137 KRisselada 2021-10-11T22:37:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/memory-corruption-exploit-alerts-incidents/m-p/440391#M1140 <P>Hello,</P><P>&nbsp;</P><P>In this case, I would recommend opening a support case if you have concerns that this being a false positive. The support team can assist you to further investigate what behavior changed, in the meantime, you have the option to suppress these alerts.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Oct 2021 21:57:49 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/memory-corruption-exploit-alerts-incidents/m-p/440391#M1140 tvilas 2021-10-12T21:57:49Z