Potentially Dangerous Tool Alert


L1 Bithead

Hi

Cortex has started blocking a legitimate tool we use: certify.exe, which is part of Certify The Web, that we use to automate certificate renewal from Let's Encrypt.

I have not seen this before. Is there any way to whitelist this tool?
The precise alert name is: "Potentially Dangerous Tool - 1827272396", but googling this does not give me much.

Accepted Solutions

L4 Transporter

Hello @aholdt 

 

Thanks for reaching out on LiveCommunity!

If, after analysis, you have found the tool is safe and legitimate, then you can create an exception for it. But while creating the exception, make sure to create a very granular exception. First, you need to identify the security module that has blocked the tool; to do that, please check the "Module" field in the alerts table. Once you have the module, you can create a legacy exception based on software name and location. You can also target this exception to a particular profile which applies to the group of endpoints on which you are going to use this tool.

Reference- https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-L...

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.
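
Added example (not part of the original reply or of Palo Alto Networks documentation): a PowerShell check to run on an affected endpoint before creating the exception. It collects the file name and location the exception will be keyed on and flags two conditions that make a name-and-path exception unsafe. The install path is a placeholder, and the list of broad principals assumes an English-language Windows install.

```powershell
# Added example. The path is a placeholder: replace it with the real install location.
param([string]$Path = 'C:\Path\To\certify.exe')

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    throw "File not found: $Path"
}

$file = Get-Item -LiteralPath $Path
$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

# Values to record with the exception (name and location are what it matches on;
# signer and hash document which binary was analysed).
[pscustomobject]@{
    FileName        = $file.Name
    Directory       = $file.DirectoryName
    ProductName     = $file.VersionInfo.ProductName
    FileVersion     = $file.VersionInfo.FileVersion
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    SHA256          = $hash.Hash
} | Format-List | Out-Host

# Check 1: the binary should carry a valid Authenticode signature.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Authenticode status is '$($sig.Status)': confirm the file's origin before excepting it."
}

# Check 2: if non-admin principals can create or replace files in the folder,
# any file dropped there under the same name would inherit the exception.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$risky = (Get-Acl -LiteralPath $file.DirectoryName).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band $write)
}
if ($risky) {
    Write-Warning "Non-admin principals can write to $($file.DirectoryName):"
    $risky | Select-Object IdentityReference, FileSystemRights |
        Format-Table -AutoSize | Out-Host
}
```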


This seems to do the trick. Thank you for your help.
