07-07-2025 11:52 PM
Hello all,
I am a new user of Cortex XDR and I noticed that upon scanning a host, the malicious files identified by the scan are so difficult to find. I was expecting a proper scan report, where I can actually see the name and path of the identified malicious files (not to mention some more enrichment, such as a file SHA or proper verdict). For example, I have a scan report with 4 malicious files resulted, but when checking the alerts on that host (as this is the only way to gather some info about those files), I can find only 3...where is the 4th? Is there another way to identify the malicious files discovered by the scan? I definitely hope that soon we can get a proper scan report implemented in the tool.
07-08-2025 04:29 AM
Hi C.Constantin,
Please bear in mind that Cortex XDR is a tool that alerts and blocks after an attempt of execution; this can be the mismatch between what you see after the scan and the alerts you find. There is a functionality for Windows on-write scan that you can activate too. But let's focus on your current situation/question.
To locate the files ("any file you want"), you can go to the Action Center (under the Response menu) and from there look for the File Search functionality. From the Action Center you can find any files, even on all your endpoints managed by XDR; it doesn't matter if they were executed or not. And you can use Search and Destroy too to remove those files.
Related to your question of having a scan report with different info than you have today, let me inform you that if you have Customer Success Premium Services you will have a CSA and a CSM assigned, and you can ask for New Feature Requests for XDR. I have no idea of the type of services and contracts that you have signed with us; I'm just trying to add more info and solutions to your questions.
So if you have a CSA/CSM assigned, please contact them for New Feature Requests topics.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.
KR,
Luis
07-10-2025 02:11 AM
Hi Luis,
Thank you very much for your answer.
However, my main issue is not finding *any files* in my environment, but rather searching for THE files which were identified as malicious in the scan report. Since the scan report only shows the number of malicious files, but not their name, path or any other info which would enable me to identify them, obviously, I don't know what to search for. Most of the EDR/XDR tools I worked with had a much more enriched scan report, so I am hoping that this is something that will be implemented in the future, as it is a basic functionality without which the scan report is almost useless.