02-08-2023 02:42 PM
Anyone else running into this today?
Prevention Information:
Prevention date: Wednesday, February 8, 2023
Prevention time: 1:36:40 PM
OS version: 10.0.22621
Component: Hash Control
Cortex XDR code: C0400055
Prevention description: Suspicious executable detected
Verdict: 2
Quarantined: True
Post-Detected: False
https://www.reddit.com/r/paloaltonetworks/comments/10xclj0/cortex_xdr_putting_chrome_in_quarantine/
02-10-2023 01:39 AM
Could you share the hash of the file?
"Suspicious executable detected" is generally produced by the "Local analysis module". Please check the WF verdict, and if the binary is a Google binary (I mean published by Google), you can add the hash to the Allow list.
02-10-2023 03:48 AM - edited 02-10-2023 03:49 AM
Hi @LCMember4420,
"Component: Hash Control" means that the hash associated with that application has been added to the Deny List in Action Center. Could you please get the Initiated SHA-256 value, go to Action Center > Deny list and filter by that value? I believe that you will see it there. If you see it there, you can remove it from that list.
Please note, Wildfire and Local Analysis are automated processes within Cortex XDR, and it is always recommended to rely on this process. However, Cortex XDR admins can override the Wildfire/Local Analysis verdict by adding hashes to the Allow/Deny List in Action Center, and if a hash that is in the Deny list is executed, it will create an alert with Module=Hash Control.
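The two checks the replies above ask for (the file's SHA-256 to filter the Deny list by, and whether the binary is really published by Google before it goes on the Allow list) can be gathered on the endpoint in one pass. This is an added example, not part of the thread and not Palo Alto Networks code; the default path and the expected signer name `Google LLC` are assumptions to adjust for your environment.

```powershell
# Added example: collect SHA-256 and Authenticode signer for a flagged binary
# before changing the Cortex XDR Allow/Deny list.
param(
    # Assumption: default per-machine Chrome install location.
    [string]$Path = "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    # Assumption: signer common name expected on a genuine Chrome binary.
    [string]$ExpectedPublisher = 'Google LLC'
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# SHA-256 is the value to paste into the Action Center Deny list filter.
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Authenticode check: the signature must validate AND chain to the expected signer.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
$signer = $null
if ($sig.SignerCertificate) {
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
}

$signatureValid   = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid)
$publisherMatches = ($signer -eq $ExpectedPublisher)

# An unsigned, tampered (HashMismatch) or differently signed file should not be
# allow-listed just because its file name is chrome.exe.
$next = if ($signatureValid -and $publisherMatches) {
    'Signed by expected publisher: check WildFire verdict and Deny list entry for this hash'
} else {
    'Signature missing, invalid or unexpected signer: do not allow-list, investigate'
}

[pscustomobject]@{
    Path             = $file.FullName
    FileVersion      = $file.VersionInfo.FileVersion
    SHA256           = $sha256
    SignatureStatus  = $sig.Status
    Signer           = $signer
    PublisherMatches = $publisherMatches
    NextStep         = $next
} | Format-List
```

Compare the `SHA256` value with the Initiated SHA-256 shown in the alert; if they differ, the file on disk is not the one that was blocked.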