<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Cortex XDR Blockage activity in Cortex XDR Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532744#M3738</link>
    <description>&lt;P&gt;If any needed executables are blocked by the XDR, previously we used to add that ***.exe in the malware profile. But now we face the issue that the client has connected the ClickShare (PC Screen Share) equipment, as it's external equipment connected to the USB of the machine. How can we add that .exe to the exception list so that it works on the machine? It's not working if we add that in the malware profile.&lt;/P&gt;</description>
    <pubDate>Wed, 01 Mar 2023 20:07:10 GMT</pubDate>
    <dc:creator>VineethArumulla</dc:creator>
    <dc:date>2023-03-01T20:07:10Z</dc:date>
    <item>
      <title>Cortex XDR Blockage activity</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532744#M3738</link>
      <description>&lt;P&gt;If any needed executables are blocked by the XDR, previously we used to add that ***.exe in the malware profile. But now we face the issue that the client has connected the ClickShare (PC Screen Share) equipment, as it's external equipment connected to the USB of the machine. How can we add that .exe to the exception list so that it works on the machine? It's not working if we add that in the malware profile.&lt;/P&gt;</description>
      <pubDate>Wed, 01 Mar 2023 20:07:10 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532744#M3738</guid>
      <dc:creator>VineethArumulla</dc:creator>
      <dc:date>2023-03-01T20:07:10Z</dc:date>
    </item>
    <item>
      <title>Re: Cortex XDR Blockage activity</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532771#M3740</link>
      <description>&lt;P&gt;Hi VineethArumulla,&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;Are you saying you are unable to add the file in the malware profile like you previously were able to? Or you were able to add the file but the traffic is still being blocked?&lt;BR /&gt;&lt;BR /&gt;In the last XDR version release (3.5), the workflow for managing exceptions and module allow-listing changed a bit. Navigate to Settings&amp;gt;Exceptions Configuration&amp;gt;Legacy Agent Exceptions then in the top right of the page click "Add&amp;nbsp;Rule". As you navigate through the rule creation wizard you will need to define a name for the rule, select the associated platform, select which endpoint protection module you are wanting the exception applied to, define the target properties, then select which profile(s) you want the exception applied to. Once the rule is saved it will be applied to the associated endpoints at their next check-in.&lt;BR /&gt;&lt;BR /&gt;Regards,&lt;BR /&gt;Ben&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 01 Mar 2023 22:24:09 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532771#M3740</guid>
      <dc:creator>bbucao</dc:creator>
      <dc:date>2023-03-01T22:24:09Z</dc:date>
    </item>
    <item>
      <title>Re: Cortex XDR Blockage activity</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532927#M3749</link>
      <description>&lt;P&gt;We're able to add the file in the malware profile, but the traffic is still being blocked, so we added the same file in the restriction profile. Is that the correct path? Are there any changes in the XDR 7.8.0 version?&lt;/P&gt;</description>
      <pubDate>Thu, 02 Mar 2023 12:12:54 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/532927#M3749</guid>
      <dc:creator>VineethArumulla</dc:creator>
      <dc:date>2023-03-02T12:12:54Z</dc:date>
    </item>
    <item>
      <title>Re: Cortex XDR Blockage activity</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/533044#M3755</link>
      <description>&lt;P&gt;Hi VineethArumulla,&lt;BR /&gt;&lt;BR /&gt;I do not recommend using the restrictions profile in this way as it could cause unexpected behavior since that is not the intended function.&lt;BR /&gt;The allow-lists you are referring to in the malware profile are module specific, so it is important to make sure you are applying the setting to the correct module. In the alerts table, look in the "module" field for this alert, then make sure you are adding the file/path to the corresponding module allow-list in the malware profile. Keep in mind that in some cases a file may trigger multiple modules, in which case you would need to add the file to all applicable module allow-lists. If you have already done this and the traffic continues to be blocked, I would recommend opening a support case to address the issue.&lt;BR /&gt;&lt;BR /&gt;Regards,&lt;BR /&gt;Ben&lt;/P&gt;</description>
      <pubDate>Thu, 02 Mar 2023 22:41:27 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blockage-activity/m-p/533044#M3755</guid>
      <dc:creator>bbucao</dc:creator>
      <dc:date>2023-03-02T22:41:27Z</dc:date>
    </item>
  </channel>
</rss>

