topic Re: Possible FP alerts on linux in Cortex XDR Discussions

Possible FP alerts on linux

Daniel_Itenberg — Wed, 27 Oct 2021 11:32:18 GMT

Hi,

I seemingly have a problem with the xdr agents installed on ubuntu workstations -I get "local malware analysis" alerts on seemingly benign programs and executables such as chrome, VS code, systemd and such.

WF shows either benign or unknown.

Problem is, I cant replicate those alerts on my ubuntu test station.

Did someone else encounter this problem?

Re: Possible FP alerts on linux

jcandelaria — Thu, 28 Oct 2021 20:08:24 GMT

Hi Daniel,

Just to make sure version/kernel is supported? Otherwise you can submit a support case so PA support can investigate further.

https://docs.paloaltonetworks.com/compatibility-matrix/cortex-xdr/where-can-i-install-the-cortex-xdr-agent.html

https://docs.paloaltonetworks.com/compatibility-matrix/cortex-xdr/cortex-xdr-supported-kernel-module-versions-by-distribution.html

Or maybe just corrupted installer that needs to be re-installed?

Re: Possible FP alerts on linux

Daniel_Itenberg — Sun, 31 Oct 2021 07:14:57 GMT

The kernel version is is supported, I checked prior to installing the agent on the hosts