Anti-ransomware aggressive mode files backup issues

Hi to everyone.

We have anti-ransomware feature set in "aggressive mode" 

The aggresive mode files cause the backup software of PCs to fail, and thousands of "There was a general error processing this file. Please retry it and if the problem pers

Command to Install 7.8 agent on top of the existing agent for Linux servers

Hello,

Can we please get the command to Install 7.8 agent on top of the existing agent for Linux servers.

Need to Change the Uninstallation password?

If the client needs to uninstall the Cortex XDR it asks for the password, So need to change that password, what is the path and will be any impacts on the systems which are with agent installed?

Uninstalling Cortex XDR

Hi All,

The customer is trying to uninstall the old agent version as they are not reporting to the console and installing the latest version. 

There are 1000+ machines in the infra and they are planning to do this via a centralized tool. 

Please su

XQL Query: Issue with arrayindexof() function in host_inventory dataset

Whenever we use arrayindexof() function with host_inventory dataset we get an error (Failed to run) but whereas when we run with dataset of xdr_data we get a success response message.

Please run the below XQL query: (Status == Success)

How to find the Cortex XDR client Policy Profile name from Windows without Local Admin

As different Cortex XDR Policy profiles can be pushed to different users, it is sometime required to find out what is the current XDR Policy Profile used by a particular endpoint.

If the endpoint has local administrator privilege, we could just sea

Please share your useful XQL queries!

Hello!

as a beginner with Cortex XDR I asked me, what are interests of others in the query section. 

If you have some interesting and useful queries, please share and describe them in a short way. 

Thank you!

BR

Rob

False Positive: Suspicious File Modification' generated by XDR Agent - Module Anti-Ransomware Protection

Hi we see a problem with a powershell Script we are using to clean up Profiles on some specific Remote Session Host Servers.

It will be blocked by Cortex XDR Pro and so I want to make an Exception for this.

Unfortunately it seems only possible to do a

How many attempts constitute a brute force attempt?

Occasionally, I see an alert with the description of "LDAP: User Login Brute Force Attempt".  If I'm reading the tea leaves correctly, we're relatively confident that we're observing a failed logon for someone performing maintenance on a specific dev

Cortex XDR Agent Driver Shutdown on Windows 11 22H2

Hello Team,

We have received an advisory for Cortex XDR Agent Driver Shutdown on Windows 11 22H2. Its was recommended that to pause any planned upgrades on endpoints running the operating system Windows 11 22H2. 

It was also mentioned that a new

Compatible Check

Hello Team,

Can you confirm whether the Broker VM appliance compatible with cortex XDR.

how to suppress the prompt "Cortex XDR" would like filter network content"

for the Macs, how does one configure Cortex to suppress the display of this prompt (see attached), and just automatically use 'Allow'.

Ive tried calling up com.paloaltonetworks.cortex.app.plist, but I don't see an obvious key pair where this behavi