https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/kandji-mdm/m-p/561435#M5326 <P>Hello everyone,</P> <P>Over the last two months we are having constant issues with Cortex and Kandji playing nice together. Before that everything was working without any issue for at least half a year, if not longer.</P> <P>What happens is the following: Kandji gets updated, some of its files change and they get flagged as malicious by Wildfire. At that point we can create exceptions/allowlist them, but the damage has already been done, users are sending tickets and everything is impacted and halted.</P> <P>&nbsp;</P> <P>After a while the Wildfire classification gets overwritten (manually, I assume) to benign and the issue doesn't occur until the next update.&nbsp;</P> <P>&nbsp;</P> <P>Did anyone have any similar experiences with the Cortex/Kandji combo recently? Have you come up with a workaround that doesn't involve creating exceptions for everything Kandji related?</P> Thu, 12 Oct 2023 12:44:06 GMT JosipS 2023-10-12T12:44:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/kandji-mdm/m-p/561435#M5326 <P>Hello everyone,</P> <P>Over the last two months we are having constant issues with Cortex and Kandji playing nice together. Before that everything was working without any issue for at least half a year, if not longer.</P> <P>What happens is the following: Kandji gets updated, some of its files change and they get flagged as malicious by Wildfire. At that point we can create exceptions/allowlist them, but the damage has already been done, users are sending tickets and everything is impacted and halted.</P> <P>&nbsp;</P> <P>After a while the Wildfire classification gets overwritten (manually, I assume) to benign and the issue doesn't occur until the next update.&nbsp;</P> <P>&nbsp;</P> <P>Did anyone have any similar experiences with the Cortex/Kandji combo recently? Have you come up with a workaround that doesn't involve creating exceptions for everything Kandji related?</P> Thu, 12 Oct 2023 12:44:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/kandji-mdm/m-p/561435#M5326 JosipS 2023-10-12T12:44:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/kandji-mdm/m-p/562078#M5360 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/227965">@JosipS</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>Please raise a TAC case because the alert data needs to be analysed to determine the root cause. TAC team will be able to help you to troubleshoot the issue.&nbsp;</P> Tue, 17 Oct 2023 13:37:29 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/kandji-mdm/m-p/562078#M5360 nsinghvirk 2023-10-17T13:37:29Z