https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blocks-malwarebytes/m-p/1220858#M7917 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15227">@GaryM</a>&nbsp;,</P> <P>&nbsp;</P> <P>I would suggest you to first have a TAC case opened to confirm the reputation of the detection.&nbsp; This may be&nbsp;<SPAN>post-detection alert, this kind of alert triggers when a benign file is allowed to run in an environment but later the verdict gets changed to malware in the cloud. Please refer to the Wildfire Post-Detection (Malware and Grayware) in the below document. </SPAN><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/endpoint-protection-modules.html" target="_blank" rel="noopener" data-aura-rendered-by="300:3118;a">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/endpoint-protection-modules.html</A></P> <P>&nbsp;</P> <P>TAC can help you to identify and correct the reputation. If it is legitimate malware detection, and you want to accept this risk, you can go with exception configuration.</P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> Wed, 19 Feb 2025 05:41:02 GMT aspatil 2025-02-19T05:41:02Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blocks-malwarebytes/m-p/1220739#M7912 <P>After a recent update to MalwareBytes Cortex XDR is now detecting and blocking it.</P> <P>&nbsp;</P> <P>Has anyone else seen this, and is there a was to allow the MalwareBytes Digital Signature? I prefer not to have to allow the hash for each version.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="GaryM_0-1739887323265.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/66073i4614BB331DF0DA5A/image-size/medium?v=v2&amp;px=400" role="button" title="GaryM_0-1739887323265.png" alt="GaryM_0-1739887323265.png" /></span></P> <P>&nbsp;</P> Tue, 18 Feb 2025 14:07:20 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blocks-malwarebytes/m-p/1220739#M7912 GaryM 2025-02-18T14:07:20Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blocks-malwarebytes/m-p/1220858#M7917 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15227">@GaryM</a>&nbsp;,</P> <P>&nbsp;</P> <P>I would suggest you to first have a TAC case opened to confirm the reputation of the detection.&nbsp; This may be&nbsp;<SPAN>post-detection alert, this kind of alert triggers when a benign file is allowed to run in an environment but later the verdict gets changed to malware in the cloud. Please refer to the Wildfire Post-Detection (Malware and Grayware) in the below document. </SPAN><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/endpoint-protection-modules.html" target="_blank" rel="noopener" data-aura-rendered-by="300:3118;a">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/endpoint-protection-modules.html</A></P> <P>&nbsp;</P> <P>TAC can help you to identify and correct the reputation. If it is legitimate malware detection, and you want to accept this risk, you can go with exception configuration.</P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> Wed, 19 Feb 2025 05:41:02 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-blocks-malwarebytes/m-p/1220858#M7917 aspatil 2025-02-19T05:41:02Z