https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/a-question-from-the-alert-tuning-operations-webinar-signing/m-p/505718#M2265 <P><SPAN>We have a mac-device on which even a reinstalled chrome creates child processes (Google Chrome Helper) that are apparently below the signing level of the parent process. Their signatures seem to be valid. Seems like whitelisting the hash of the initiator is not the best idea. What would be the best process if a child's process is blocked due to the signing level of the parent?</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 23 Jun 2022 09:05:21 GMT rtsedaka 2022-06-23T09:05:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/a-question-from-the-alert-tuning-operations-webinar-signing/m-p/505718#M2265 <P><SPAN>We have a mac-device on which even a reinstalled chrome creates child processes (Google Chrome Helper) that are apparently below the signing level of the parent process. Their signatures seem to be valid. Seems like whitelisting the hash of the initiator is not the best idea. What would be the best process if a child's process is blocked due to the signing level of the parent?</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 23 Jun 2022 09:05:21 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/a-question-from-the-alert-tuning-operations-webinar-signing/m-p/505718#M2265 rtsedaka 2022-06-23T09:05:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/a-question-from-the-alert-tuning-operations-webinar-signing/m-p/505721#M2266 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/216120">@rtsedaka</a>,</P><P>&nbsp;</P><P>Is Google Chrome Helper being blocked by XDR? if yes, which alert type? Local Analysis? Wildfire? Suspicious Process Creation?</P><P>&nbsp;</P> Thu, 23 Jun 2022 09:08:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/a-question-from-the-alert-tuning-operations-webinar-signing/m-p/505721#M2266 fmoixsante 2022-06-23T09:08:44Z