topic Re: Cortex XDR block to execute Xcode Execution in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-block-to-execute-xcode-execution/m-p/426797#M966 <P>The rule of thumb is to check with the business and IT operations if it is a sanctioned application. If it's allowed and you need to create an exception, there are multiple options based on the rate at which the process hash changes. An option is to add the hash to allow list -&nbsp;<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-files/manage-file-execution.html" target="_self">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-files/manage-file-execution.html</A></P> Fri, 13 Aug 2021 20:26:14 GMT malalade 2021-08-13T20:26:14Z Cortex XDR block to execute Xcode Execution https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-block-to-execute-xcode-execution/m-p/426486#M955 <P>In some of user cortex XDR agent blocking the Xcode <SPAN>simulator-trampoline&nbsp;program. Its detect as malware and&nbsp;Suspicious executable detected. when we show alert after some time wildfire score display Benign and low confidence so is it safe to allow that file in environment ?&nbsp; I have click on that file and check value in virus total portal but item&nbsp;is not found on virus total.</SPAN></P> Thu, 12 Aug 2021 11:12:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-block-to-execute-xcode-execution/m-p/426486#M955 DChavda 2021-08-12T11:12:50Z Re: Cortex XDR block to execute Xcode Execution https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-block-to-execute-xcode-execution/m-p/426797#M966 <P>The rule of thumb is to check with the business and IT operations if it is a sanctioned application. If it's allowed and you need to create an exception, there are multiple options based on the rate at which the process hash changes. An option is to add the hash to allow list -&nbsp;<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-files/manage-file-execution.html" target="_self">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-files/manage-file-execution.html</A></P> Fri, 13 Aug 2021 20:26:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-block-to-execute-xcode-execution/m-p/426797#M966 malalade 2021-08-13T20:26:14Z