Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex Domain controllers exceptions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex Domain controllers exceptions

L0 Member

Hi Team,

 

We are having replication issues across the domain controllers and Microsoft is suspecting its an issue with Cortex and they want the the below files to be created as an exceptions across all our domain controllers.

 

To rule out Cortex issue we thought we will put this DC's in report mode instead of Block, as it is a risk of keeping DC's in report mode for longer duration till the replication is completed.

 

But im not able to add the below in the exclusions as it is not allowing this format in Cortex, please advise?

 

The following will need to be exception in Cortex AV. Once exceptioned and the list of files waiting to be replicated drops then Microsoft will investigate further.

 

SYSVOL Exceptions

$db_normal$

FileIDTable_*

SimilarityTable_*

*.xml

$db_dirty$

$db_clean$

$db_lost$

Dfsr.db

Fsr.chk

*.frx

*.log

Fsr*.jrs

Tmp.edb

 

 

2 REPLIES 2

L4 Transporter

Hi @Majid1Khan,

 

I'm researching this issue for you now and will get back to you as quickly as I can.

L4 Transporter

Hi @Majid1Khan,

 

I’ve taken a look at your list of exceptions received from Microsoft.  It appears that some of them are individual files/file types.  Others such as $db_normal$ appear to refer to a certain location on disk.  Looking at this Microsoft documentation I was able to find references to what you were given.

 

SYSVOL Exceptions

$db_normal$ - See below

FileIDTable_* - See below

SimilarityTable_* - See below

*.xml - File Type 

$db_dirty$ - See below

$db_clean$ - See below

$db_lost$ - See below

Dfsr.db - File Type

Fsr.chk - File Type

*.frx - File Type

*.log - File Type

Fsr*.jrs - File Type

Tmp.edb - File Type

anlynch_0-1679504249225.png

 

anlynch_1-1679504249307.png

 

 

In the screenshot above you can see a lot of the file types you mentioned in your previous post.  I hope this helps clarify the exceptions you would need to input into Cortex XDR.

 

Please reply to this comment if you have any further questions.  We’re happy to help.

 

Have a great day!

  • 2225 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!