- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-27-2022 08:48 AM
Hello ,
Just wondering why does cortex block hashes that are already part of allow list sometimes ?
05-27-2022 02:31 PM
Hello! I had a similar problem with some incidents. I created the white listing, but the process still blocked.
The workaround was to restart the pc (and maybe to check in).
Try it and give ma feedback if it is working for you.
05-29-2022 10:50 PM
Hello ! Thanks a ton for the workaround ! This is only working on few of the system.
05-30-2022 12:45 AM
We have similar problems with white-listed binaries and received the following explanation: The white listing only adds the hash to a list of static IOC, if the binary acts in a suspicious way (either live or in WildFire) it will be blocked. One solution is to always run the latest version and report false positives, the other one is creating a malware profile which excludes certain files and folders from being scanned.
05-31-2022 02:05 AM
Hi @MartinPfeil
you can also tweak wildfire verdict if you dont agree with it, and you will get an answer from us in 2 or 3 days.
KR,
Luis
05-31-2022 02:20 AM
Hello Eluis, this is a standard procedure when we identify false positive alerts: report an incorrect verdict back to Palo Alto. Unfortunatly we still have to deal with the results of the initial false positive detection, e.g. messed up and incomplete software installations and updates because WF blocked access to certain files on several systems. This happens especially with software development tools and foreign language software, especially Chinese.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!