We are seeing the following in Cortex XDR:
'Threat ID #348815361' generated by PAN NGFW detected on host 10.x.x.x involving user ZZZZ\first.last
Threat ID: 2418537
Current Release: 3394 (2020-06-28 UTC)
First Release: 3394 (2020-06-28 UTC)
Unfortunately, it seems that it's not at all uncommon for OneDriveSetup.exe to be flagged by PAN AntiVirus Threats as a generic W32 Virus. Seen this happen in June, also back in April. Is there a known reason why PAN A/V Threats continue to "misfire" on this?
@hisingh is this anything you have already heard or been aware of? I see you were involved in a prior discussion of this False Positive, back in April.
History of this in the instance of Cortex XDR that I currently have access to from my customer. I do not have access to their Panorama or their NGFW configs, thus cannot obtain a capture at this time.