This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Potentially Dangerous Tool Alert

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Potentially Dangerous Tool Alert

Go to solution
aholdt
L1 Bithead

‎04-15-2024 01:18 AM

Hi

Cortex has started blocking a legitimate tool we use: certify.exe, which is part of Certify The Web, that we use to automate certificate renewal from Lets Encrypt.

I have not seen this before. Is there anyway to whitelist this tool?
The precise alert name is: "Potentially Dangerous Tool - 1827272396", but googling this does not give me much.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
nsinghvirk
L4 Transporter

‎04-15-2024 09:42 AM

Hello @aholdt 

 

Thanks for reaching out on LiveCommunity!

If after analysis you have found the tool is safe and legitimate then you can create an exception for it. But while creating exception make sure to create a very granular exception. Firstly you need to identify the security module that has blocked the tool, to do that please check the "Module" field in alerts table. Once you have the module then you can create a legacy exception based on software name and location. Also you can target this exception to particular profile which applies to group of endpoints on which you are going to use this tool.

Reference- https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-L...

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
nsinghvirk
L4 Transporter

‎04-15-2024 09:42 AM

Hello @aholdt 

 

Thanks for reaching out on LiveCommunity!

If after analysis you have found the tool is safe and legitimate then you can create an exception for it. But while creating exception make sure to create a very granular exception. Firstly you need to identify the security module that has blocked the tool, to do that please check the "Module" field in alerts table. Once you have the module then you can create a legacy exception based on software name and location. Also you can target this exception to particular profile which applies to group of endpoints on which you are going to use this tool.

Reference- https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-L...

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

0 Likes Likes

Go to solution
aholdt
L1 Bithead
In response to nsinghvirk

‎04-16-2024 05:09 AM

This seems to do the trick. Thank you for your help.

0 Likes Likes
  • 1 accepted solution
  • 665 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks