https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532172#M3701 <P>Hi to everyone.</P> <P>&nbsp;</P> <P>We have anti-ransomware feature set in "aggressive mode"&nbsp;</P> <P>&nbsp;</P> <P>The aggresive mode files cause the backup software of PCs to fail, and thousands of "There was a general error processing this file. Please retry it and if the problem persists, contact your system administrator." issues per computer in the backup console.</P> <P>&nbsp;</P> <P>Is there any way to avoid this without disabling the aggressive mode?</P> <P>&nbsp;</P> <P>Has anyone experienced similar problems?</P> <P>&nbsp;</P> <P>Best regards.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 24 Feb 2023 11:48:36 GMT Edgar_Lapuerta 2023-02-24T11:48:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532172#M3701 <P>Hi to everyone.</P> <P>&nbsp;</P> <P>We have anti-ransomware feature set in "aggressive mode"&nbsp;</P> <P>&nbsp;</P> <P>The aggresive mode files cause the backup software of PCs to fail, and thousands of "There was a general error processing this file. Please retry it and if the problem persists, contact your system administrator." issues per computer in the backup console.</P> <P>&nbsp;</P> <P>Is there any way to avoid this without disabling the aggressive mode?</P> <P>&nbsp;</P> <P>Has anyone experienced similar problems?</P> <P>&nbsp;</P> <P>Best regards.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 24 Feb 2023 11:48:36 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532172#M3701 Edgar_Lapuerta 2023-02-24T11:48:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532354#M3711 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/266300">@Edgar_Lapuerta</a>,</P> <P>&nbsp;</P> <P>Thanks for reaching out on LIVEcommunity.&nbsp; I understand you're having issues with backing up in your environment with your ransomware feature set to "aggressive mode".</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2023-02-27 at 8.26.48 AM.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48204i157BA42FA8D84EBA/image-size/medium?v=v2&amp;px=400" role="button" title="Screen Shot 2023-02-27 at 8.26.48 AM.png" alt="Screen Shot 2023-02-27 at 8.26.48 AM.png" /></span></P> <P>&nbsp;</P> <P>Please not that when Protection Mode is set to Aggressive you're greeting this with warning "<SPAN>Aggressive Protection Mode</SPAN><SPAN>&nbsp;may have an impact on applications in your environment and users may view decoy files that they would not see in Normal mode."&nbsp; An important things to remember is what ransomware activity looks like in the wild.&nbsp; Threat Actors gain access and then attempt to exfiltrate data in numerous ways.&nbsp; They often use legitimate software found in your environment to help them achieve their goal and remain unseen.&nbsp; Most backup solutions tend to work in a similiar way.&nbsp; By transferring large amounts of data from several endpoints it's often hard to tell what is legitimate backup activity and what is data exfiltration.&nbsp;&nbsp;<BR /><BR /><BR /></SPAN></P> <P>For this particular issue I'd recommend reaching out to you backup vendor and asking for exceptions you can add to Cortex XDR to allow it to run.&nbsp; If the vendor is unable to help you can reach out to <A href="https://support.paloaltonetworks.com/Support/Index" target="_self">support and ask for a Support Exclusion</A>.&nbsp; I'd recommend either of these courses of action with one caveat.&nbsp; If you add an exception for this software you may lose visibility if any threat actor is able to use the same software for data exfiltration.&nbsp;</P> <P>&nbsp;</P> <P>I hope this information helps.&nbsp; Please reach out if you have any other issues we may be able to help with and have a great day!</P> Mon, 27 Feb 2023 14:34:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532354#M3711 anlynch 2023-02-27T14:34:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532362#M3714 <P>Hy Anlynch,</P> <P>&nbsp;</P> <P>Thanks for your answer, but I think I didn't explain myself well.</P> <P>&nbsp;</P> <P>The backup software is running OK, but it is struggling to backup the Cortex XDR decoy files.&nbsp;</P> <P>&nbsp;</P> <P>There are many files in different folders that backup software can not copy to the cloud.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Backup.PNG" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/48205i7A0A9A2C66EC4D35/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Backup.PNG" alt="Backup.PNG" /></span></P> <P> </P> <P>General backup is working OK, but logs are full of these errors and some backup clients crash from time to time.</P> <P>&nbsp;</P> <P>Any suggestions?</P> <P>&nbsp;</P> <P>Best regards.</P> Mon, 27 Feb 2023 16:00:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-ransomware-aggressive-mode-files-backup-issues/m-p/532362#M3714 Edgar_Lapuerta 2023-02-27T16:00:06Z