Denied URL - Broker VM

Hi team!

Does anyone have or have had a situation where the applet local agent settings show "Denied url: URL_HERE"? 

 Sometimes for short periods of time (around 5 -30 seconds) our broker VMs turn on in red the applet and we can see the message

Cortex XDR Blocking Intel process

Hello,
We have noticed a reoccuring issue between our clients, that a intel process is being blocked.
The main cause of it being blocked is IntelGraphicsSoftware.Service.exe with a path something like this - C:\Program Files\WindowsApps\AppUp.IntelArcS

All Actions query failed

When querying All Actions and viewing events for a single PC, a Query Failed error occurs.

Has anyone encountered a similar issue or has any related experience to share?

Upgrade 4.X Cortex Tenant

Does anyone know how to upgrade the Cortex tenant from 3.x to 4.x, do I have to talk to Palo Alto or it can be upgraded by myself?

Cortex cloud architecture diagram

Can someone please help me with a detailed architecture diagram of cortex cloud as we have in Prisma cloud solution stack.

#cortexcloud

Hostfirewall Status Report

Hi Team,

I am trying to fetch some report from Cortex XDR console. I would like to know how many endpoints has host firewall rule applied. How many endpoints still running with Windows firewall. Is there any script available to check.

We are experiencing a problem, data may not be up to date. Please try again in a few minutes.

Hello All,

I've been seeing the following message on our Cortex XDR Dashboard for the past few days:

"We are experiencing a problem, data may not be up to date. Please try again in a few minutes."

There's also a link to Download support file inc

XDR Allow-Listing signed processes

We have internally developed scripts that we would like to create XDR exclusions or alert level reduction for based on if they contain code signing certificates.  I don't know how to go about doing this or if it's even possible.

The idea here is to

Causality Chain

Hello,

Can you please explain the difference between the causality chain of the 2 attached photos?
What exactly are the executions?

Block Execution of Specific Applications Regard of version

Hi,

We want to enforce the use of only the approved version of AnyDesk (9.6.5.0 and above) on all Windows endpoints and completely prevent execution of any older versions of anydesk.exe.

Is there a clean and maintainable way to achieve this using C

Unable to download a from from an endpoint - File size limit exceeded

Hello Cortex geeks,

I have a problem with a large file on an endpoint. This file is relatively large (1.1GB), has no VT ranking as it's too large for it obviously, and Cortex alerted about it because of signature forgery. I want to download and exami

Cortex XDR automation

is there any way to make the automation rule priority one? i don't have any other  rule