Cortex XDR False Positive Report

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XDR False Positive Report

L0 Member

Hello everyone,

We develop some applications and our customer told us when they install the application, it gives a malicious warning for a sub installer "gcad_local.exe". Is it possible to submit the file to Cortex XDR and add it to whitelist in some way?

Cortex XDR 

2 REPLIES 2

Hello Sir, thanks for your reply! However, this applicaiton will also be used among other customers who also use Cortex XDR on their machine. I am afraid they will still meet same error and think there is a virus with our application. Is there a way to submit it to paloalto to scan the file, so that this application will not be blocked by any Cortex XDR users anymore? 

Hi @york 

To answer this, we first need to understand what module is blocking it, Is it Wildfire or Local analysis or something else and based on that the exceptions work.If you are looking to analyze an .exe file then we have Wildfire engine from which CortexXDR Auto upload/analyze/compare and pull the verdicts from.
Ref - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/WildFire-analysis-con...

If you want to manually do this analysis on a file then this is the portal link - https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analy...


Give it a like & mark this as solution if this answered your query.
 
 
 
  • 222 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!