https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255315#M9367 <P>We were also suffering from this. I remember seeing it was addressed in a content pack update. We're only seeing this on endpoints without the current content pack now.</P> Wed, 03 Jun 2026 11:01:56 GMT Karl-Foley 2026-06-03T11:01:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1254964#M9353 <P><SPAN>Hello everyone,</SPAN></P> <P><SPAN>Has anyone seen this process appear in Cortex XDR?</SPAN></P> <P><SPAN>C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22603.1401.4.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe</SPAN></P> <P>&nbsp;</P> <P><SPAN>It’s showing up on an endpoint, but Cortex XDR isn’t providing any additional details, alerts, or related events. Before I dismiss it, I want to confirm whether this is expected behavior or if anyone has seen suspicious activity tied to this executable.</SPAN></P> <P><SPAN>Any insight is appreciated.</SPAN></P> Thu, 28 May 2026 19:16:08 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1254964#M9353 Juliortega 2026-05-28T19:16:08Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255118#M9354 <P>Hello,</P> <P>&nbsp;</P> <P>Yes, we are having the same issue, and we are following with the support they recommended to add an exception. not yet added.&nbsp;</P> <P>there are multiple processes related to Microsoft but without any signature, even though the process in it's correct path.</P> <P>&nbsp;</P> Mon, 01 Jun 2026 09:39:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255118#M9354 sherefa 2026-06-01T09:39:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255125#M9355 <P>We also have the same issue. We saw 3 different hashes for "StoreExperienceHost.exe" over the past 6 weeks. It's always a Local Analysis Malware alert. The WildFire verdict is then benign, so no action is really needed, but still annoying to get these alerts.&nbsp;</P> Mon, 01 Jun 2026 11:48:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255125#M9355 andreal 2026-06-01T11:48:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255245#M9363 <P>We are seeing the same exact thing here in our shop. Palo did eventually give us a SUEX file to quiet the noise. I'd prefer that they fix whatever is determining that file to be suspicious. This is not the first time we've had something similar happen with MS Store files.&nbsp;</P> <P>&nbsp;</P> Tue, 02 Jun 2026 21:16:59 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255245#M9363 Joe_Carissimo 2026-06-02T21:16:59Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255315#M9367 <P>We were also suffering from this. I remember seeing it was addressed in a content pack update. We're only seeing this on endpoints without the current content pack now.</P> Wed, 03 Jun 2026 11:01:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/suspicious-executable-detected-microsoft-store-purchase-app/m-p/1255315#M9367 Karl-Foley 2026-06-03T11:01:56Z