cortex-xdr-payload.exe access lsass.exe

Hi guys, 

I received an alert regarding cortex-xdr-payload.exe accessing lsass.exe. The full path is: C:\ProgramData\Cyvera\LocalSystem\Download\protected_payload_execution\cortex-xdr-payload.exe

From my research, the legitimate cortex-xdr-payload.exe is used for offline triage collection, but I haven’t found any references to other related functionalities.

I would like to confirm:

1. Is the file path valid?

2. Is this a legitimate process for checking lsass.exe?

3. Is it possible to schedule this process? I noticed that the alert appears at the same time consistently.

Looking forward to your insights.

 
