03-03-2024 03:11 PM
Following the Cortex XDR Windows agent update to 8.3.0.49434 we started to see the following error affecting some application DLLs.
Clicking Ok makes the message go away and the application keeps working. TAC case was logged and an temporary Support Exception was added and applied to some affected hosts. This seemed to stop the error.
Wondering if anyone else is experiencing the same or similar issue? This affects approx. 2 DLLs on two separate applications of ours. I'd like to see a fix come in the form of an update to the Cortex XDR client, as applying a temporary support exception doesn't seem like a viable long term solution.
03-12-2024 06:40 AM
Would you know where one would obtain this "SUEX "?
Cheers
jc
03-12-2024 08:36 AM
1) On effected machines, downgraded from 8.3.0 to 8.2.1
2) In CortexXDR Console created a policy preventing agent to be upgraded
3) Added effected machines to the policy
No more annoying popups. Waiting for new version.
03-17-2024 10:15 PM
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008XKOCA2
FYI : The new KB posted which related to this issue.
03-19-2024 11:06 AM
The PAN article says:
But no indication is given how to do that, so it is not helpful.
03-20-2024 04:43 AM
The whitelisting workaround works if there is a security product injecting DLLs in Cortex processes. But in case it is for example TeamViewer or another software's DLL, this is unfeasible because they do not have a whitelist to configure.
03-20-2024 11:41 AM
So I fixed our obseverd "cytray.exe - bad image' issue with a remote access software's pop up by white listing the .dll in the malware profile targeting the endpoints.
*(your tenant here).paloaltonetworks.com/exceptions-configuration/legacy-disable-prevention-rules should take you to where you can create your .DLL exception
Note I am not a Cortex XDR expert but this resolved our erronious and annoying popups
03-20-2024 02:11 PM
JoTrip, Thanks for posting. I tried your method with our Teamviewer .DLL but it didn't work unfortunately...
03-25-2024 06:30 AM
Anyone hear of a more concrete date yet this is to be released?
03-26-2024 06:42 PM - edited 03-26-2024 06:44 PM
Agree @GrazianoG - not a feasible solution for applications like Teamviewer and 99.999999% of other apps out there.
03-26-2024 06:43 PM
None @CraigV123 - last I heard at the closure of my support ticket was "late March". I'm checking our tenant for the release of the updated version of the agent daily.
03-27-2024 03:51 AM
@cskoien same here. I appreciate the feedback. Support created me a support exception which seemed to fix the issue on the 1 application we were seeing it on. I'm curious how many more there will be though.
04-03-2024 10:46 PM
This is gone or the link is not working for me at least.
04-03-2024 10:56 PM
@DanRoberts Not working for me anymore either, maybe it got pulled? It wasn't a viable solution to begin with.
04-03-2024 11:03 PM
"Late March" has long gone. Checking daily also. Still no new version available.....
04-03-2024 11:09 PM
I'm not sure if it's related but I hit the feedback button on that article when it was still available (19-03). The same day I got an email from PA asking me to elaborate on what was unclear about the article. I gave them detailed feedback about what I thought was lacking and all the things I tried to get it working. Soon after that the article disappeared.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
