02-18-2024 09:26 PM
Hi Community,
I came across some questions regarding Cortex XDR. I hope you'll help me narrow down the rabbit hole.
1. Why is Cortex scanning files on the endpoints that have benign verdicts in the scanning phase?
2. There are a few factors on which we can decide whether a file is malicious or benign:
i. Based on the execution location of the file
ii. WildFire verdict
iii. VirusTotal verdict
Other than the above factors, are there any methods to decide whether it is a true or false positive?
3. Why is there Benign with Low Confidence when there is already a Benign verdict?
i. On a scale of 1-10, where does Benign with Low Confidence lie?
4. Is there any way to change the Account Admin role to a specific one without deleting the users?
5. If the agent goes to Connection Lost and then, after a long time, the user checks in, is it going to create two entries in the Cortex console?
6. In the Agent Audit Logs, in the Monitoring category, the agent service has been stopped, the Result is N/A, and the Description was XDR Service cyserver Stopped on the XYZ endpoint.
i. Is it because of shutting down the machine, or are there any other reasons apart from this?
7. In the Agent Audit Logs, in the Monitoring category, Type = Agent, Subtype = Quota Exceeded: what is the meaning of Quota Exceeded?
8. What would be the appropriate scanning period for an environment that has around 5000 endpoints?
Note: In the scanning policy, XDR repeatedly scans the file that has already been resolved. Why is there such behaviour?
02-27-2024 07:03 AM
Hello @Yayati
Thanks for reaching out on LiveCommunity!
I tried to answer the questions you provided. Please find the answers below.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.