Kandji MDM

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Kandji MDM

L0 Member

Hello everyone,

Over the last two months we are having constant issues with Cortex and Kandji playing nice together. Before that everything was working without any issue for at least half a year, if not longer.

What happens is the following: Kandji gets updated, some of its files change and they get flagged as malicious by Wildfire. At that point we can create exceptions/allowlist them, but the damage has already been done, users are sending tickets and everything is impacted and halted.

 

After a while the Wildfire classification gets overwritten (manually, I assume) to benign and the issue doesn't occur until the next update. 

 

Did anyone have any similar experiences with the Cortex/Kandji combo recently? Have you come up with a workaround that doesn't involve creating exceptions for everything Kandji related?

1 REPLY 1

L4 Transporter

Hello @JosipS 

 

Thanks for reaching out on LiveCommunity!

Please raise a TAC case because the alert data needs to be analysed to determine the root cause. TAC team will be able to help you to troubleshoot the issue. 

  • 839 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!