https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/whitelist-our-backup-software/m-p/585999#M6644 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1379254235">@Dav_ArxOne</a>, thanks for reaching us.</P> <P>&nbsp;</P> <P>The software might be detected due to his behavior on the endpoints, but as in many other cases that doesn't mean it is a real threat.</P> <P>If a customer with Cortex XDR agents running finds that the software is blocked, they can create exceptions to allow it, even allow all the signatures to run no matter which executable file is running. Then they can create an internal technical case to let our product team know that there is a false positive and it will be updated after the analysis.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Tue, 07 May 2024 12:20:25 GMT jmazzeo 2024-05-07T12:20:25Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/whitelist-our-backup-software/m-p/585861#M6640 <P>Hello,<BR />I do represent a company called Arx One. We have been publishing a backup software suite (backup agent, agent management console) for more than 15 years now and those software are installed on our customers' workstations, servers or NAS (Windows, Linux, MacOS, Synology and QNAP).</P> <P>We recently discovered through a VirusTotal analyse that your antivirus was considering our software as a virus.<BR />Could you please register our products on your whitelist to fix this situation ?<BR />As we publish updates from time to time you can also whitelist our code signing.</P> <P>Websites: <A href="https://arxone.com/" target="_blank">https://arxone.com/</A> and <A href="https://arx.one/" target="_blank">https://arx.one/</A><BR />Download page: <A href="https://www.arxone.com/downloads" target="_blank">https://www.arxone.com/downloads</A></P> <P>Direct download links:<BR />Backup Agent - Windows : <A href="http://get.arx.one/backup?os=windows&amp;channel=stable" target="_blank">http://get.arx.one/backup?os=windows&amp;channel=stable</A><BR />Backup Agent Management Console - Windows : <A href="http://get.arx.one/backupui?os=windows&amp;channel=stable" target="_blank">http://get.arx.one/backupui?os=windows&amp;channel=stable</A><BR />Backup Agent - Windows (pre-release) : <A href="http://get.arx.one/backup?os=windows&amp;channel=testing" target="_blank">http://get.arx.one/backup?os=windows&amp;channel=testing</A><BR />Backup Agent - macOS (pre-release) : <A href="http://get.arx.one/backup?os=macos&amp;channel=testing" target="_blank">http://get.arx.one/backup?os=macos&amp;channel=testing</A></P> <P>The troublesome analysis was done with the Windows pre-release version. As our code signing certificate was changed recently, this might be the cause of our problem...</P> <P>You can reach us using the address backup@arx.one or at this phone number : (+33) 09 72 134 990</P> <P>Best regards,</P> Mon, 06 May 2024 13:26:41 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/whitelist-our-backup-software/m-p/585861#M6640 Dav_ArxOne 2024-05-06T13:26:41Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/whitelist-our-backup-software/m-p/585999#M6644 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1379254235">@Dav_ArxOne</a>, thanks for reaching us.</P> <P>&nbsp;</P> <P>The software might be detected due to his behavior on the endpoints, but as in many other cases that doesn't mean it is a real threat.</P> <P>If a customer with Cortex XDR agents running finds that the software is blocked, they can create exceptions to allow it, even allow all the signatures to run no matter which executable file is running. Then they can create an internal technical case to let our product team know that there is a false positive and it will be updated after the analysis.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Tue, 07 May 2024 12:20:25 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/whitelist-our-backup-software/m-p/585999#M6644 jmazzeo 2024-05-07T12:20:25Z