05-28-2026 12:16 PM
Hello everyone,
Has anyone seen this process appear in Cortex XDR?
C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22603.1401.4.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe
It’s showing up on an endpoint, but Cortex XDR isn’t providing any additional details, alerts, or related events. Before I dismiss it, I want to confirm whether this is expected behavior or if anyone has seen suspicious activity tied to this executable.
Any insight is appreciated.
06-01-2026 02:39 AM
Hello,
Yes, we are having the same issue, and we are following with the support they recommended to add an exception. not yet added.
there are multiple processes related to Microsoft but without any signature, even though the process in it's correct path.
06-01-2026 04:48 AM
We also have the same issue. We saw 3 different hashes for "StoreExperienceHost.exe" over the past 6 weeks. It's always a Local Analysis Malware alert. The WildFire verdict is then benign, so no action is really needed, but still annoying to get these alerts.
06-02-2026 02:16 PM
We are seeing the same exact thing here in our shop. Palo did eventually give us a SUEX file to quiet the noise. I'd prefer that they fix whatever is determining that file to be suspicious. This is not the first time we've had something similar happen with MS Store files.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
