initial profiling?

when you first install the Cortex XDR agent on a new server (and reboot if on Windows), is it immediately 'active' and blocking suspicious processes? I was told that it ran in 'passive' mode for 30-days as it built a profile of "normal" activity for

Signature Weak hash

Good day! community,

I have a question, what treatment is given to executables that are signed as weak hash?

I understand that cortex XDR will block its execution.

Can it be excepted considering that it is a utility software?

The hash is unaltered and W

Change in the way URL Filtering alerts are presented in Cortex XDR?

Hello, beginning on or about 20 July, began to see MANY more Incidents created in Cortex XDR that looked similar to this:

Incident Description: 'Threat ID #' generated by PAN NGFW detected on host <hostName> involving xyz\UserName

(note, there is NOTHI

Cortex XDR Incidents new field

Hi all,

This is my first post here.

I had this idea/suggestion that a new field should be added on incidents page.

When we deal with multiple incidents, a necessary field will be needed for quicker decision making for an analyst.

So I wanted to suggest

creat exception profile with file extension

my customer has a service that requires to be excluded from Cortex XDR agent activities. he gave me some processes and file extensions and paths. where can I do this on Cortex console? 

What is an agent protection password?

I use MacOs and Cortex XDR, and I wanna uninstall the Cortex XDR.

Cortex XDR Uninstaller.app said a following sentence:

[ Enter agent protection password ( set by the administrator ) ]

I didn't set the agent protection password.

How can I uninstall the

Coretex XDR alert/incidents for wildfire test file

Hi Community,

Does the wildfire test file generate a alert/incident which can be seen XRD console ?

I have a XDR agent connected to cloud. The wildfire test sample in prevented and i can see it in events of XDR agent. I cannot see this in XDR console

Host Firewall Logs

Hi Team,

We have Host firewall profile enabled to block access to some of the IP address.How can we check these logs, if any users tried to access these blocked ip addresses and at what time they tried so. please advise.

Submit a revision about false positive malware in Cortex

Hi,

Before in Traps Management Services, I was able to report a false positive hash to WildFire for revision.

How can I do that in Cortex ?

Thank you.

problem starting the pc

I have been having problems with some users, they report that their computer takes 30 to 40 minutes to start when they have the cortex agent installed and when they uninstall it it starts normally. It is worth mentioning that the agents are currently