https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477757#M1825 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/196640">@Daniel_Itenberg</a>&nbsp;,&nbsp;</P><P>have you thought of adding the signer as a trusted signer ? this will not take into account the hash. This is useful also for drivers from specific vendors that sign their software.&nbsp;</P><P>Please check this doc on how to do it at the malware profile:</P><P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile.html</A></P><P>I wont recommend much to add a whole folder to the allow list since malicious actors might drop their malware there and go undetected.&nbsp;</P><P>If hash and trusted signer do not work either of them, open a TAC support case to get a suex.&nbsp;<BR />Hope this helps&nbsp;</P><P>KR,&nbsp;</P><P>Luis</P> Sun, 03 Apr 2022 14:55:35 GMT eluis 2022-04-03T14:55:35Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477745#M1823 <P>Hi all,</P><P>I have a specific file that i would like to whitelist. I have it in the allow list(by hash) but it still sometimes blocked by the "local analysis malware" due to having a different hash than the one in the allow list.</P><P>Is there a way to exclude a file from the scan via name, or any other way?</P><P>&nbsp;</P> Sun, 03 Apr 2022 07:11:05 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477745#M1823 Daniel_Itenberg 2022-04-03T07:11:05Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477757#M1825 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/196640">@Daniel_Itenberg</a>&nbsp;,&nbsp;</P><P>have you thought of adding the signer as a trusted signer ? this will not take into account the hash. This is useful also for drivers from specific vendors that sign their software.&nbsp;</P><P>Please check this doc on how to do it at the malware profile:</P><P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile.html</A></P><P>I wont recommend much to add a whole folder to the allow list since malicious actors might drop their malware there and go undetected.&nbsp;</P><P>If hash and trusted signer do not work either of them, open a TAC support case to get a suex.&nbsp;<BR />Hope this helps&nbsp;</P><P>KR,&nbsp;</P><P>Luis</P> Sun, 03 Apr 2022 14:55:35 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477757#M1825 eluis 2022-04-03T14:55:35Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477887#M1830 <P>What if the signature filed says "invalid signature"?</P> Mon, 04 Apr 2022 09:11:42 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477887#M1830 Daniel_Itenberg 2022-04-04T09:11:42Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477909#M1831 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/196640">@Daniel_Itenberg</a>&nbsp;,</P><P>&nbsp;</P><P>I would open a TAC support case to see what is the issue here. Our TAC engineers will provide you help on this</P><P>KR,&nbsp;</P><P>Luis</P> Mon, 04 Apr 2022 10:10:26 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477909#M1831 eluis 2022-04-04T10:10:26Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477970#M1833 <P>If the file is always in the same location you can create a malware profile and exclude this location from scanning.</P><P>That is the easiest solution, as chaning hashes will invalidate the entires in the allow list</P> Mon, 04 Apr 2022 14:36:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/477970#M1833 MartinPfeil 2022-04-04T14:36:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/512944#M2693 <P>Hii Eluis,<BR />How to add a trusted signer .<BR />How to sign a application which is internal built for organisation</P> Thu, 25 Aug 2022 05:42:16 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/excluding-files-from-local-malware-analysis-scan/m-p/512944#M2693 Anil_Racharla 2022-08-25T05:42:16Z