https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/589062#M6806 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1551422421">@jia_xuan</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for providing the information.</P> <P>&nbsp;</P> <P>You can create an Alert Exclusion and add that to the profile instead of Global. Or take the execution script and create the Custom Prevention Rule or add it to Legacy agent exception.</P> <P>&nbsp;</P> <P>Once it is done, retrieve the alert data and open a TAC to check the reputation.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Regards</P> Fri, 07 Jun 2024 10:49:17 GMT aspatil 2024-06-07T10:49:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/588895#M6793 <P>I have an application that needs whitelisting.</P> <P>&nbsp;</P> <P>Actions Done:</P> <P>Add to Allow List</P> <P>Add to Malware Profile, under specific module that triggered alert/incident.</P> <P>&nbsp;</P> <P>It is still showing up in incidents when executed. Any idea what could be going on?</P> <P>&nbsp;</P> Thu, 06 Jun 2024 03:01:57 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/588895#M6793 jia_xuan 2024-06-06T03:01:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/588897#M6794 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1551422421">@jia_xuan</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for reaching out on Live Community.</P> <P>&nbsp;</P> <P>Could&nbsp; you please confirm below:</P> <P>1. Which Module is trigger alert?</P> <P>2. What is the detection source, is it BPT, Local Analysis or Wildfire?</P> <P>&nbsp;</P> Thu, 06 Jun 2024 06:05:47 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/588897#M6794 aspatil 2024-06-06T06:05:47Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/589017#M6805 <DIV id="bodyDisplay_1" class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"> <DIV class="lia-message-body-content"> <P>1) Credential Gathering Protection</P> <P>2) XDR Agent, Wildfire has marked detection benign.</P> </DIV> </DIV> Fri, 07 Jun 2024 00:31:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/589017#M6805 jia_xuan 2024-06-07T00:31:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/589062#M6806 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1551422421">@jia_xuan</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for providing the information.</P> <P>&nbsp;</P> <P>You can create an Alert Exclusion and add that to the profile instead of Global. Or take the execution script and create the Custom Prevention Rule or add it to Legacy agent exception.</P> <P>&nbsp;</P> <P>Once it is done, retrieve the alert data and open a TAC to check the reputation.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Regards</P> Fri, 07 Jun 2024 10:49:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/application-whitelisting/m-p/589062#M6806 aspatil 2024-06-07T10:49:17Z