This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex blocking hashes in allowed list

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex blocking hashes in allowed list

NivedaR
L2 Linker

‎05-27-2022 08:48 AM

Hello ,

 

Just wondering why does cortex block hashes that are already part of allow list sometimes ?

2 people had this problem.
0 Likes Likes
5 REPLIES 5

Cyber1985
L3 Networker

‎05-27-2022 02:31 PM

Hello! I had a similar problem with some incidents. I created the white listing, but the process still blocked. 

The workaround was to restart the pc (and maybe to check in). 

Try it and give ma feedback if it is working for you. 

NivedaR
L2 Linker
In response to Cyber1985

‎05-29-2022 10:50 PM

Hello ! Thanks a ton for the workaround ! This is only working on few of the system. 

0 Likes Likes

MartinPfeil
L2 Linker

‎05-30-2022 12:45 AM

We have similar problems with white-listed binaries and received the following explanation: The white listing only adds the hash to a list of static IOC, if the binary acts in a suspicious way (either live or in WildFire) it will be blocked. One solution is to always run the latest version and report false positives, the other one is creating a malware profile which excludes certain files and folders from being scanned.

 

0 Likes Likes

eluis
L4 Transporter
In response to MartinPfeil

‎05-31-2022 02:05 AM

Hi @MartinPfeil 

you can also tweak wildfire verdict if you dont agree with it, and you will get an answer from us in 2 or 3 days. 

KR,
Luis

0 Likes Likes

MartinPfeil
L2 Linker
In response to eluis

‎05-31-2022 02:20 AM

Hello Eluis, this is a standard procedure when we identify false positive alerts: report an incorrect verdict back to Palo Alto. Unfortunatly we still have to deal with the results of the initial false positive detection, e.g. messed up and incomplete software installations and updates because WF blocked access to certain files on several systems. This happens especially with software development tools and foreign language software, especially Chinese. 

0 Likes Likes
  • 3503 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks