https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected/m-p/581677#M6406 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/260826">@DerekC</a>&nbsp;,</P> <P>&nbsp;</P> <P><SPAN>Thanks for reaching out on LiveCommunity!</SPAN></P> <P>&nbsp;</P> <P><SPAN>As per the internal updates,&nbsp;the SOC analyzed the XDR alert and determined that this is a false positive.&nbsp; There is no risk to your system and you can continue using it by clicking Ok in the pop up that you received.</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards.</SPAN></P> Tue, 26 Mar 2024 08:04:07 GMT aspatil 2024-03-26T08:04:07Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected/m-p/581537#M6399 <P>We have had a number of users endpoints alert with the following:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DerekC_2-1711366036813.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58608i34AD4C6F6499F2D7/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="DerekC_2-1711366036813.png" alt="DerekC_2-1711366036813.png" /></span></P> <P>Subsequent scans of endpoints found nothing and there are not associated incidents within the portal.</P> <P>As can be seen, there is no identified application name or publisher. Is there any reason this would happen without incidents being recorded in the portal? Any ideas as to why we would see this?</P> <P>&nbsp;</P> <DIV id="tinyMceEditorDerekC_1" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>&nbsp;</P> Mon, 25 Mar 2024 11:31:49 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected/m-p/581537#M6399 DerekC 2024-03-25T11:31:49Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected/m-p/581677#M6406 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/260826">@DerekC</a>&nbsp;,</P> <P>&nbsp;</P> <P><SPAN>Thanks for reaching out on LiveCommunity!</SPAN></P> <P>&nbsp;</P> <P><SPAN>As per the internal updates,&nbsp;the SOC analyzed the XDR alert and determined that this is a false positive.&nbsp; There is no risk to your system and you can continue using it by clicking Ok in the pop up that you received.</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards.</SPAN></P> Tue, 26 Mar 2024 08:04:07 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected/m-p/581677#M6406 aspatil 2024-03-26T08:04:07Z