https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/575865#M6020 <P>Dear&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307134">@tlmarques</a>&nbsp;,&nbsp;</P> <P>&nbsp;</P> <P>Hope you are doing well, and thank you for reaching out to our Live Community. From the above query I believe that you are trying to see how to configure the end users to initiate a full scan from the Cortex XDR interface locally on endpoint.&nbsp;</P> <P>&nbsp;</P> <P>Please note that a full scan can only be initiated from Cortex XDR portal by navigating to&nbsp;<SPAN class="guimenu">Incident Response</SPAN><SPAN>&nbsp;→&nbsp;</SPAN><SPAN class="guisubmenu">Response</SPAN><SPAN>&nbsp;→&nbsp;</SPAN><SPAN class="guimenuitem">Action Center</SPAN></P> <P>&nbsp;</P> <P><SPAN class="guimenuitem">Please find the document provided below for further details, thank you:&nbsp;<BR /><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware</A><BR /></SPAN></P> <P>&nbsp;</P> <P><SPAN class="guimenuitem">And for the configuration you have provided in the second screenshot, this configuration is used to allow the end user to initiate a right click scan on a file or folder as seen in the screenshot provided below, thank you:&nbsp;<BR /></SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="abdrahman_0-1706976458862.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57336i1A57F7A84BE2D666/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="abdrahman_0-1706976458862.png" alt="abdrahman_0-1706976458862.png" /></span></P> <P>&nbsp;</P> <P><SPAN class="guimenuitem">If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you. </SPAN></P> Sat, 03 Feb 2024 16:09:20 GMT abdrahman 2024-02-03T16:09:20Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/575537#M6018 <P>Hi, I need help, I have <LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;policy to allow scans on the endpoint, however users are unable to start the scans, the option does not appear</P> <P>I can only scan, with cmd as administrator (cytool scan start) , in the GUI I can't even do it as administrator:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tlmarques_0-1706887670317.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57059i40F9987664233684/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="tlmarques_0-1706887670317.png" alt="tlmarques_0-1706887670317.png" /></span><BR /><BR /></P> <P>my configuration:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tlmarques_1-1706887790216.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57060i17790765B317A953/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="tlmarques_1-1706887790216.png" alt="tlmarques_1-1706887790216.png" /></span></P> <P>&nbsp;</P> Fri, 02 Feb 2024 15:30:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/575537#M6018 tlmarques 2024-02-02T15:30:03Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/575865#M6020 <P>Dear&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307134">@tlmarques</a>&nbsp;,&nbsp;</P> <P>&nbsp;</P> <P>Hope you are doing well, and thank you for reaching out to our Live Community. From the above query I believe that you are trying to see how to configure the end users to initiate a full scan from the Cortex XDR interface locally on endpoint.&nbsp;</P> <P>&nbsp;</P> <P>Please note that a full scan can only be initiated from Cortex XDR portal by navigating to&nbsp;<SPAN class="guimenu">Incident Response</SPAN><SPAN>&nbsp;→&nbsp;</SPAN><SPAN class="guisubmenu">Response</SPAN><SPAN>&nbsp;→&nbsp;</SPAN><SPAN class="guimenuitem">Action Center</SPAN></P> <P>&nbsp;</P> <P><SPAN class="guimenuitem">Please find the document provided below for further details, thank you:&nbsp;<BR /><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware</A><BR /></SPAN></P> <P>&nbsp;</P> <P><SPAN class="guimenuitem">And for the configuration you have provided in the second screenshot, this configuration is used to allow the end user to initiate a right click scan on a file or folder as seen in the screenshot provided below, thank you:&nbsp;<BR /></SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="abdrahman_0-1706976458862.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57336i1A57F7A84BE2D666/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="abdrahman_0-1706976458862.png" alt="abdrahman_0-1706976458862.png" /></span></P> <P>&nbsp;</P> <P><SPAN class="guimenuitem">If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you. </SPAN></P> Sat, 03 Feb 2024 16:09:20 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/575865#M6020 abdrahman 2024-02-03T16:09:20Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/577057#M6057 <P>we've that configuration enabled....the problem is the agent...i open a case with support and we found the problem.<BR /><BR />For future, if someone have the same problem, check that:<BR /><BR /><SPAN>OS version:</SPAN><BR /><SPAN>In the case of Windows 11, it will show clicking the “Show More Options” in the context menu.</SPAN><BR /><BR /><SPAN>Registry:</SPAN><BR /><SPAN>This is a registry key related to “Show More Options” in the context menu.</SPAN><BR /><SPAN>Please check if they are in the registry key.</SPAN><BR /><SPAN>- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Cortex.XDR.Scan</SPAN><BR /><SPAN>- HKEY_CLASSES_ROOT\CLSID\{44303AF8-6F09-4803-8639-9247339BE42D}</SPAN><BR /><SPAN>- HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Cortex.XDR.Scan</SPAN><BR /><SPAN>- HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Cortex.XDR.Scan</SPAN><BR /><BR /><SPAN>If registry keys are missing, please re-install the agent.</SPAN><BR /><BR /></P> Mon, 12 Feb 2024 19:58:09 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/scan-endpoint-error/m-p/577057#M6057 tlmarques 2024-02-12T19:58:09Z