10-12-2023 05:44 AM
Hello everyone,
Over the last two months we are having constant issues with Cortex and Kandji playing nice together. Before that everything was working without any issue for at least half a year, if not longer.
What happens is the following: Kandji gets updated, some of its files change and they get flagged as malicious by Wildfire. At that point we can create exceptions/allowlist them, but the damage has already been done, users are sending tickets and everything is impacted and halted.
After a while the Wildfire classification gets overwritten (manually, I assume) to benign and the issue doesn't occur until the next update.
Did anyone have any similar experiences with the Cortex/Kandji combo recently? Have you come up with a workaround that doesn't involve creating exceptions for everything Kandji related?
10-17-2023 06:37 AM
Hello @JosipS
Thanks for reaching out on LiveCommunity!
Please raise a TAC case because the alert data needs to be analysed to determine the root cause. TAC team will be able to help you to troubleshoot the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
