https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/584496#M6554 <P>where you found this scripts??</P> Mon, 22 Apr 2024 14:40:53 GMT tlmarques 2024-04-22T14:40:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/448949#M1263 <P>Hi all,&nbsp;</P><P>Can the XDR auto delete files it has flagged, be it by local analysis or wildfire analysis? Or does it just block and quarantine files?</P> Mon, 22 Nov 2021 09:06:31 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/448949#M1263 Daniel_Itenberg 2021-11-22T09:06:31Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/448983#M1266 <P>looks like in the new v3.1 version you can do this:</P><TABLE><TBODY><TR><TD><DIV>Permanently Delete Quarantined files</DIV><DIV class="">(<SPAN>Requires a Cortex XDR agent 7.6 or a later release for Windows</SPAN>)</DIV></TD><TD><DIV><DIV class=""><DIV>To help you better manage malicious files which have been quarantined and avoid any potential mistake of restoring unwanted files, you can now permanently delete quarantined files on the endpoint from the File Quarantine Details page.</DIV></DIV></DIV></TD></TR></TBODY></TABLE> Mon, 22 Nov 2021 15:13:28 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/448983#M1266 P.Jacob 2021-11-22T15:13:28Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/540735#M4267 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="aaminahassan_0-1683011031186.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49896i10C3ABEF6E14CD25/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="aaminahassan_0-1683011031186.png" alt="aaminahassan_0-1683011031186.png" /></span>Hey! I want to ask more about it. whats the API call to delete file other than quarantine file API at end point.&nbsp;</P> <P>&nbsp;</P> Tue, 02 May 2023 07:04:43 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/540735#M4267 aaminahassan 2023-05-02T07:04:43Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/540864#M4275 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/288862">@aaminahassan</a>&nbsp;</P> <P>&nbsp;</P> <P>Regarding your use case above i.e. api call to delete file. You may run script using api to delete a file. There is a python script with name "delete_file" under Script library which you can locate at (Incident Response -&gt; Response -&gt; Action Center -&gt; Agent Script Library). Using the api you may mention the file path of the file which needs to be deleted.</P> <P>&nbsp;</P> <P>Screenshot for reference:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PiyushKohli_0-1683090610663.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49920iC75B26E6268AC33E/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PiyushKohli_0-1683090610663.png" alt="PiyushKohli_0-1683090610663.png" /></span></P> <P>&nbsp;</P> <P>API Ref:&nbsp;<A href="https://cortex-panw.stoplight.io/docs/cortex-xdr/3675bfc1e315e-run-script" target="_blank">https://cortex-panw.stoplight.io/docs/cortex-xdr/3675bfc1e315e-run-script</A></P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>Please mark the response as "Accept as Solution" if it answers your query.</P> <P><BR />Regards.</P> Wed, 03 May 2023 05:12:23 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/540864#M4275 PiyushKohli 2023-05-03T05:12:23Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/540866#M4277 Thanks for the prompt response.<BR />Also please share the way out to whitelist USB using which API call? Under device control I can see only get_violations. I can get_violations of device but don't know the exact parameters/API end point to whitelist the device.<BR /> Wed, 03 May 2023 05:20:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/540866#M4277 aaminahassan 2023-05-03T05:20:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/584496#M6554 <P>where you found this scripts??</P> Mon, 22 Apr 2024 14:40:53 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/automatic-deletion-of-files-suspected-confirmed-as-malware/m-p/584496#M6554 tlmarques 2024-04-22T14:40:53Z