Cortex XDR quarantined Chrome


L0 Member

Anyone else running into this today?

 

 

Prevention Information:
Prevention date: Wednesday, February 8, 2023
Prevention time: 1:36:40 PM
OS version: 10.0.22621
Component: Hash Control
Cortex XDR code: C0400055
Prevention description: Suspicious executable detected
Verdict: 2
Quarantined: True
Post-Detected: False

https://www.reddit.com/r/paloaltonetworks/comments/10xclj0/cortex_xdr_putting_chrome_in_quarantine/


L3 Networker

Hi @LCMember4420 

 

Could you share the hash of the file ?

"Suspicious executable detected" is generally produced by the "Local analysis module". Please check the WF verdict, and if the binary is a Google binary (I mean published by Google), you can add the hash to the Allow list.

L4 Transporter

Hi @LCMember4420,

 

"Component: Hash Control" means that the hash associated with that application has been added to the Deny List in Action Center. Could you please get the Initiated SHA-256 value, go to Action Center > Deny list and filter by that value? I believe that you will see it there. If you see it there, you can remove it from that list.

 

Please note, Wildfire and Local Analysis are automated processes within Cortex XDR, and it is always recommended to rely on this process. However, Cortex XDR admins can override the Wildfire/Local Analysis verdict by adding hashes to the Allow/Deny List in Action Center, and if a hash that is in the Deny list is executed, it will create an alert with Module=Hash Control.
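Both replies depend on two facts about the file: its SHA-256 (to filter the Deny list) and whether it really is published by Google (before any Allow list entry). The following is an added example, not part of the thread or of any Palo Alto Networks tooling, that collects both on a Windows endpoint. The function name `Get-BinaryTriage`, the file path in the usage line and the expected publisher string `Google LLC` are assumptions.

```powershell
# Added example: gather the SHA-256 and Authenticode signer of a binary
# before deciding on an Allow list / Deny list change.
# Get-BinaryTriage is a hypothetical helper name; the default publisher is an assumption.
function Get-BinaryTriage {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedPublisher = 'Google LLC'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # SHA-256 to compare with the hash shown in the alert and in the Deny list filter
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode signature: status plus the signer certificate subject
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Match the O= (organization) field exactly, not a substring anywhere in the subject
    $publisherOk = $false
    if ($subject) {
        $pattern     = '(^|,\s*)O=' + [regex]::Escape($ExpectedPublisher) + '(,|$)'
        $publisherOk = $subject -match $pattern
    }

    [pscustomobject]@{
        Path             = $Path
        SHA256           = $hash
        SignatureStatus  = $sig.Status
        Signer           = $subject
        # True only when the signature validates AND the organization matches
        SignedByExpected = ($sig.Status -eq 'Valid') -and $publisherOk
    }
}

# Usage (path is an assumption; point it at the copy of the binary you are checking):
# Get-BinaryTriage -Path 'C:\Program Files\Google\Chrome\Application\chrome.exe' | Format-List
```

If `SignedByExpected` is false, or the SHA-256 differs from the one in the alert, the file checked is not the one the alert describes and the hash should not be allow-listed on that basis.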
