topic Cortex XDR False Positive Report in Cortex XDR Discussions

Cortex XDR False Positive Report

york — Wed, 27 Nov 2024 08:14:21 GMT

Hello everyone,

We develop some applications and our customer told us when they install the application, it gives a malicious warning for a sub installer "gcad_local.exe". Is it possible to submit the file to Cortex XDR and add it to whitelist in some way?

Re: Cortex XDR False Positive Report

york — Wed, 27 Nov 2024 08:29:13 GMT

Hello Sir, thanks for your reply! However, this applicaiton will also be used among other customers who also use Cortex XDR on their machine. I am afraid they will still meet same error and think there is a virus with our application. Is there a way to submit it to paloalto to scan the file, so that this application will not be blocked by any Cortex XDR users anymore?

Re: Cortex XDR False Positive Report

nar — Thu, 28 Nov 2024 06:54:59 GMT

Hi @york

To answer this, we first need to understand what module is blocking it, Is it Wildfire or Local analysis or something else and based on that the exceptions work.If you are looking to analyze an .exe file then we have Wildfire engine from which CortexXDR Auto upload/analyze/compare and pull the verdicts from.
Ref - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/WildFire-analysis-concepts

If you want to manually do this analysis on a file then this is the portal link - https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analysis/manually-upload-files-to-the-wildfire-portal

Give it a like & mark this as solution if this answered your query.