https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/details-regarding-programdata-cyvera-folders/m-p/1225438#M8166 <P>Interesting query I got was from a client running Microsoft defender alongside Cortex XDR. I already understand from another post:</P> <P><A href="https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-side-ms-defender-for-endpoint/td-p/1223498" target="_blank">https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-side-ms-defender-for-endpoint/td-p/1223498</A></P> <P>&nbsp;</P> <P>Not to have both active at the same time, either has to be either passive or disabled.</P> <P>&nbsp;</P> <P>His current situation is that Defender is flagging one of the recent files in&nbsp;programdata/cyvera/prevention as spyware. As he asked what exactly this folder is, I realized that I am not sure what each folder inside the Cyvera section usage or function.</P> <P>&nbsp;</P> <P>Looking through administration guide was a futile effort as there was no details for folders.</P> <P>&nbsp;</P> <P>Can someone explain to me what each folder use is or at least for&nbsp;programdata/cyvera/prevention?</P> Wed, 02 Apr 2025 08:29:39 GMT MoKhaled 2025-04-02T08:29:39Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/details-regarding-programdata-cyvera-folders/m-p/1225438#M8166 <P>Interesting query I got was from a client running Microsoft defender alongside Cortex XDR. I already understand from another post:</P> <P><A href="https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-side-ms-defender-for-endpoint/td-p/1223498" target="_blank">https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-along-side-ms-defender-for-endpoint/td-p/1223498</A></P> <P>&nbsp;</P> <P>Not to have both active at the same time, either has to be either passive or disabled.</P> <P>&nbsp;</P> <P>His current situation is that Defender is flagging one of the recent files in&nbsp;programdata/cyvera/prevention as spyware. As he asked what exactly this folder is, I realized that I am not sure what each folder inside the Cyvera section usage or function.</P> <P>&nbsp;</P> <P>Looking through administration guide was a futile effort as there was no details for folders.</P> <P>&nbsp;</P> <P>Can someone explain to me what each folder use is or at least for&nbsp;programdata/cyvera/prevention?</P> Wed, 02 Apr 2025 08:29:39 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/details-regarding-programdata-cyvera-folders/m-p/1225438#M8166 MoKhaled 2025-04-02T08:29:39Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/details-regarding-programdata-cyvera-folders/m-p/1225472#M8169 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/294635">@MoKhaled</a>&nbsp;,</P> <P>&nbsp;</P> <DIV id="CEG2AE8Q1-1595522554.142700-thread-list-Thread_1610462894.137700" class="c-virtual_list__item" tabindex="0" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="1610462894.137700"> <DIV class="c-message_kit__background c-message_kit__message c-message_kit__thread_message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--default"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section">This is where Prevention Data is stored locally, the file that you can request from the UI using (Retrieve Alert Data), aka the Prevention Dump.</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV id="CEG2AE8Q1-1595522554.142700-thread-list-Thread_1610462935.137900" class="c-virtual_list__item" tabindex="-1" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="1610462935.137900"> <DIV class="c-message_kit__background c-message_kit__message c-message_kit__thread_message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--above"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__left" role="presentation">&nbsp;</DIV> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section">Recent Files are a component of this prevention dump, often containing files that were open at the time of the event, or libraries loaded into an offending/protected process and those sort of files.</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV id="CEG2AE8Q1-1595522554.142700-thread-list-Thread_1610462988.138100" class="c-virtual_list__item" tabindex="-1" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="1610462988.138100"> <DIV class="c-message_kit__background c-message_kit__background--hovered c-message_kit__message c-message_kit__thread_message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover c-message_kit__hover--hovered" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--above"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__left" role="presentation">&nbsp;</DIV> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section">You should exclude c:\programdata\Cyvera\* from all protection modules in Defender or it's going to cause issues one way or another.</DIV> <DIV class="p-rich_text_section">&nbsp;</DIV> <DIV class="p-rich_text_section"><SPAN>If you feel this has answered your query, please let us know by clicking like and&nbsp; on "mark this as a Solution". Thank you.</SPAN></DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV id="CEG2AE8Q1-1595522554.142700-thread-list-Thread_input" class="c-virtual_list__item" tabindex="-1" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="input"> <DIV class="p-threads_footer__input_container p-threads_footer__input_container--sticky_composer" data-qa="reply_container"> <DIV class="p-threads_footer__input p-message_input_unstyled p-message_input_unstyled--attachments-visible p-message_input_unstyled--dark" role="group" aria-label="composer"> <DIV class="p-message_input__input_container_unstyled c-wysiwyg_container c-wysiwyg_container--theme_dark c-wysiwyg_container--with_footer c-wysiwyg_container--theme_dark_bordered c-basic_container c-basic_container--size_medium" data-max-lines="16"> <DIV class="c-basic_container__body"> <DIV class="c-wysiwyg_container__formatting" role="toolbar" aria-orientation="horizontal" aria-label="Formatting" data-qa="wysiwyg-container_formatting-enabled"> <DIV class="p-texty_sticky_formatting_bar"> <DIV> <DIV class="p-composer__body p-composer__body--visible p-composer__body--unstyled">&nbsp;</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Wed, 02 Apr 2025 15:56:39 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/details-regarding-programdata-cyvera-folders/m-p/1225472#M8169 aspatil 2025-04-02T15:56:39Z