XDR sometimes blocks the use of left mouse clicks on Windows Start Menu

We've deployed the Cortex XDR agent version 7.1.2 to 50-60 end-user machines so far. 2 users have reported the agent has stopped the use of left mouse clicks on the Windows Start Menu and Search Box. Right mouse clicks work fine. As soon as we remove

Citrix XenApp - AV Exclusions - Non persistent Session hosts

Hi all, 

Anyone know if there are any optimisation guides for Cortex XDR in a XenApp non persistent enviroment ?

Should we add in some AV exclusions as mentioned by Citrix @ https://docs.citrix.com/en-us/tech-zone/build/tech-papers/antivirus-best-pra

Agent 7.2 dont comunicate with broker vm

I proceeded to install cortex XDR on a Kali, respecting the installation parameter chmod + x Kali.sh - --proxy-list "proxysrv: 8080,10.250.1.34: 8080" However, the client cannot contact the broker the error it is a timeout. my query is the following,

Investigating ABIOCS

I'm investigating the cause of ABIOC alerts. We've seen one particular alert that appears to be a false positive but I'd like to get some more information to be sure and to understand these alerts better:

Name: Suspicious process accessed a site masq

BAT Script to uninstall Cortex using Agent cleaner with disabling tampering protection

Hi folks,

Could you help me plaease to know how can i create a bat script to execute Cortex Agent cleaner with anti tampering password to remove cortex agents?

I have to use bat because powershell is prohibited

Alert/Incident handling process template

Hi All,

Does any one have a sample template or document for Cortex alert /incident managment procedure.

Regards

Asif Siddiqui

Trying to create an exclusion for a process with a specific cmdlet (exploit)

For the past couple of days, we have received a low priority alert with the following params:

Source: XDR Agent

Category: Exploit

Action: Prevented (Blocked)

In researching the alert in the alert table, I have determined that the action is tied with a h

Reported known issues with XDR agent version 7.3.0.16740

Hello Members,

did anyone face any issue yet with newly released Cortex XDR Agent Version 7.3.0.16740 ? Like CPU high utilization, High Disk I/O or any other performance factors?

Thanks

Analytic Bioc Rules

Is there a way to see the actual detection of the analytic bioc rules

Normal bioc rules i can open in investigator but these i cannot

Backup software performance

One of our VMs seems to have its performance really impacted when backups run on a file server.  I do not readily see guidance for suggestions on how I might adjust Cortex XDR Prevent's settings to improve things since there is a fair amount of data

cortex xdr - submit false positive - shuttools 1.81

Palo Alto I am having a problem with your program mis classifing my tool suite

Shut.Tools.1.81.docm

as a false positive.  Its a vba macro that has previously been clearing my Microsoft and utilises some MVP code.  I depend on this to undertake my tasks

admin password for brokeVM

HI 

For the brokerVM, what is de admin password when you want to run sudo command? 

I'm currently running broker 10.1.9

Thanks!

Quarntine Malicious file detected by scan

Hi all,

When I initiate a scan to a machine a the action of malicious file is Detected (Scanned) but it is not getting quarantine although we enabled the quarantine malicious files in Behavioral Threat Protection.
Anyone know the reason ?

Thank you,