01-20-2026 04:12 AM
It was reported on the 13th that StoreDesktopExtension.exe was flagged as malicious by WildFire. It is now being flagged as grayware and is flooding us with alerts. Anyone else experiencing the same?
01-20-2026 04:23 AM
This file was initially flagged by the Local Analysis module or WildFire but has since been reclassified as Benign globally.
If the alerts persist despite the global verdict being Benign, the endpoint may have a stale verdict in its local cache. You can force the agent to re-fetch the correct verdict by clearing its local database.
1) Open an administrative command prompt on the affected endpoint.
2) Stop the agent services (requires the agent uninstall password):
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" protect disable
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" runtime stop
3) Navigate to C:\ProgramData\Cyvera\LocalSystem\Persistence3\ and delete the following files:
wf_verdicts.db
wf_verdicts.db.lru
wf_retransmissions.db
4) Restart the agent services:
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" runtime start
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" protect enable
Let me know if your query is answered. Thank you!
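The four steps in the reply above, wrapped in a PowerShell script so that the agent is restarted and protection re-enabled even if a step fails partway. This is an added example, not part of the original reply and not Palo Alto Networks code; `Invoke-Cytool` is a hypothetical helper, and the script assumes cytool.exe signals failure with a non-zero exit code.

```powershell
#Requires -RunAsAdministrator
# Added example: clears the local WildFire verdict cache using only the
# commands and paths given in the reply above.
$cytool  = 'C:\Program Files\Palo Alto Networks\Traps\cytool.exe'
$cache   = 'C:\ProgramData\Cyvera\LocalSystem\Persistence3'
$targets = 'wf_verdicts.db', 'wf_verdicts.db.lru', 'wf_retransmissions.db'

if (-not (Test-Path -LiteralPath $cytool)) {
    throw "cytool.exe not found at $cytool"
}

function Invoke-Cytool {
    param([string[]]$CytoolArgs)
    # cytool prompts on the console for the agent uninstall password.
    & $cytool @CytoolArgs
    # Assumption: a non-zero exit code means the command failed.
    if ($LASTEXITCODE -ne 0) {
        throw "cytool $($CytoolArgs -join ' ') exited with code $LASTEXITCODE"
    }
}

try {
    # Step 2: disable tamper protection, then stop the agent.
    Invoke-Cytool 'protect', 'disable'
    Invoke-Cytool 'runtime', 'stop'

    # Step 3: delete the cached verdict files if they exist.
    foreach ($name in $targets) {
        $path = Join-Path $cache $name
        if (Test-Path -LiteralPath $path) {
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop
            Write-Host "Deleted $path"
        } else {
            Write-Host "Not present: $path"
        }
    }
}
finally {
    # Step 4: always runs, so a failed delete does not leave the
    # endpoint with the agent stopped and protection disabled.
    & $cytool runtime start
    & $cytool protect enable
}
```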
01-20-2026 04:18 AM - edited 01-20-2026 04:20 AM
The same thing is currently happening to us with StoreDesktopExtension.exe. Any response from Palo Alto?
727d070460fa4764822b5286b1d9b8fbb5512b6e84ad645a99cb34dcede97647
01-20-2026 04:26 AM
On our end it says the verdict changed today from benign to grayware. Has it been changed back to benign since this?
01-20-2026 04:45 AM
It is now being flagged as benign for us
01-20-2026 06:11 AM - edited 01-20-2026 06:12 AM
Thank you for your reply,
For the moment the alerts have stopped, and in our console it was also marked as Benign.

