Automatic deletion of files suspected/confirmed as malware


L2 Linker

Hi all, 

Can the XDR auto-delete files it has flagged, be it by local analysis or WildFire analysis? Or does it just block and quarantine files?

4 REPLIES

L3 Networker

Looks like in the new v3.1 version you can do this:

Permanently Delete Quarantined files
(Requires a Cortex XDR agent 7.6 or a later release for Windows)
To help you better manage malicious files which have been quarantined and avoid any potential mistake of restoring unwanted files, you can now permanently delete quarantined files on the endpoint from the File Quarantine Details page.

L1 Bithead

Hey! I want to ask more about it. What's the API call to delete a file, other than the quarantine file API, at the endpoint?

 

Hi @aaminahassan 

 

Regarding your use case above, i.e. an API call to delete a file: you may run a script using the API to delete a file. There is a Python script named "delete_file" under the Script Library, which you can locate at (Incident Response -> Response -> Action Center -> Agent Script Library). Using the API, you may specify the file path of the file which needs to be deleted.

 


 

API Ref: https://cortex-panw.stoplight.io/docs/cortex-xdr/3675bfc1e315e-run-script

 

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.


Regards.
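The approach in the reply above, sketched as an added example (not code from the thread or from Palo Alto Networks): it builds the Run Script request body for the library's "delete_file" script and rejects any path that is not a single, fully specified Windows file before anything is sent. The endpoint path, the body field names and the `file_path` parameter name are assumptions to confirm against the linked API reference and the script's definition in the Agent Script Library; the script UID and endpoint ID are placeholders.

```python
import json
import ntpath

# Run Script path as I understand the linked API reference; confirm it there.
RUN_SCRIPT_PATH = "/public_api/v1/scripts/run_script/"


def build_delete_file_request(script_uid, endpoint_ids, file_path, timeout=600):
    """Return the JSON body for running the delete_file library script.

    Refuses anything that is not one fully specified Windows file path, so a
    typo in an automation cannot turn into a broad delete on the endpoint.
    """
    if not script_uid or not endpoint_ids:
        raise ValueError("script_uid and at least one endpoint ID are required")
    if any(ch in file_path for ch in "*?"):
        raise ValueError("wildcards are not allowed")
    drive, rest = ntpath.splitdrive(file_path)
    if len(drive) != 2 or drive[1] != ":" or not rest.startswith("\\"):
        raise ValueError("path must be absolute, e.g. C:\\dir\\file.exe")
    if not rest.strip("\\"):
        raise ValueError("refusing to target a drive root")
    if ntpath.normpath(file_path) != file_path:
        raise ValueError("path must be normalized (no '..' or doubled separators)")
    return {
        "request_data": {
            "script_uid": script_uid,  # tenant-specific, from the Agent Script Library
            "timeout": timeout,        # seconds
            "filters": [{"field": "endpoint_id_list", "operator": "in",
                         "value": list(endpoint_ids)}],
            # Parameter name is an assumption; check the script's inputs.
            "parameters_values": {"file_path": file_path},
        }
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    body = build_delete_file_request("<SCRIPT_UID>", ["<ENDPOINT_ID>"],
                                     "C:\\Users\\Public\\invoice.exe")
    print("POST", RUN_SCRIPT_PATH)
    print(json.dumps(body, indent=2))
```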

Thanks for the prompt response.
Also, please share how to whitelist a USB device, and with which API call. Under Device Control I can see only get_violations. I can get_violations of a device but don't know the exact parameters/API endpoint to whitelist the device.