https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vmware-tools-vmtoolsd-exe-masquerading-4203898100/m-p/1225015#M8148 <P>​<SPAN class="relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem]">These alerts appear to be false positives.</SPAN> <SPAN class="relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem]">You can create an exception for the Behavioral Threat Protection (BTP) module.<BR />However, I recommend reaching out to Palo Alto Networks Technical Assistance Center (TAC) to have this issue investigated and corrected on the backend. If the engineering team determines the event to be a false positive and globally applicable, they may release a fix in a content update. <BR /></SPAN></P> <P>&nbsp;</P> <P><SPAN class="relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem]"><SPAN>If you feel this has answered your query, please let us know by clicking like and&nbsp; on "mark this as a Solution". Thank you.</SPAN></SPAN></P> Fri, 28 Mar 2025 12:08:57 GMT aspatil 2025-03-28T12:08:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vmware-tools-vmtoolsd-exe-masquerading-4203898100/m-p/1224998#M8140 <P>Hello,</P> <P>&nbsp;</P> <P>We're receiving this alert from 5th of March for some endpoints. There is nothing suspicious in the incident, file is signed and have verdict benign. Has been there a new content update that caused this alert? What should we investigate in such cases?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Recent alerts" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/66827i66394025ACCEAA83/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-03-28 094354.png" alt="Recent alerts" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Recent alerts</span></span></P> <P>BR,</P> Fri, 28 Mar 2025 08:45:05 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vmware-tools-vmtoolsd-exe-masquerading-4203898100/m-p/1224998#M8140 Arman_Zaheri 2025-03-28T08:45:05Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vmware-tools-vmtoolsd-exe-masquerading-4203898100/m-p/1225015#M8148 <P>​<SPAN class="relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem]">These alerts appear to be false positives.</SPAN> <SPAN class="relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem]">You can create an exception for the Behavioral Threat Protection (BTP) module.<BR />However, I recommend reaching out to Palo Alto Networks Technical Assistance Center (TAC) to have this issue investigated and corrected on the backend. If the engineering team determines the event to be a false positive and globally applicable, they may release a fix in a content update. <BR /></SPAN></P> <P>&nbsp;</P> <P><SPAN class="relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem]"><SPAN>If you feel this has answered your query, please let us know by clicking like and&nbsp; on "mark this as a Solution". Thank you.</SPAN></SPAN></P> Fri, 28 Mar 2025 12:08:57 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/vmware-tools-vmtoolsd-exe-masquerading-4203898100/m-p/1225015#M8148 aspatil 2025-03-28T12:08:57Z