False positive detection

I'm representing a productivity management software manufacturer and I'm sumbitting this request  to report that our software is being flagged as malware, but this result is a false positive. Please, can you help us?

• File HASH: 8475477dd7cdb0493e2d5d

Usercentric.Exe on MS Teams

Hi,

There are recent articles on MS Teams security incident. Attackers attach usercentric.exe files to Teams chats to install a Trojan on the end-user's computer. This Trojan is then used to install malware that self-administers the computer.

Does Co

Cortex XDR Delete Malware

Hello 

i see alert malware in incident report . how i can delete malware from Cortex XDR admin portal. 

Agent version 7.0.2

XDR external syslog encryption

Hi all,

Im trying to set up encrypted communication to a syslog server from the XDR using a self signed certificate.

However I cant seem to get it to work - the XDR says that no connection is available.

I should note that without the certificate, on reg

cyvrlpc.sys caused a bugcheck (BSOD) on Server 2012 R2

We use Cortex XDR 7.5.x and unexpectedly we have at least 1 system which faulted the whole OS and it rebooted due to a bugcheck, blue screen of death. After debugging the minidump file, it indicates that cyvrlpc.sys caused this BSOD.

Why would this h

Dynamic endpoint groups using OUs stored in Azure AD

Hi all,

My question is if there is any way to synchronize the OUs stored in an Azure AD into the cortex XDR pro to then create dynamic Endpoint Groups using that OUs. The synchronization between Cortex and Azure is successfull but I can't see any OU.

Cortex XDR Exclusions vs Exceptions

Hello all,

Exclusions versus Exceptions, why is excluding an alert so much easier than creating an exception when it should be the opposite? 

According to Palo Alto, "If you do not want Cortex XDR to display alerts that match certain criteria, you ca

Searching Endpoints

If I want to search all endpoints for foobar.txt in XQL what would that look like? I've tried to search for the hash

dataset = endpoints
| filter sha256() = "90be1c2c0fc5c36b3e10dcd89a8cda61462cb420a043a5759a7e1e3bba3eee38"

The file path and neither s

Different process exception on Exception Profile and Folder Allow List on Malware profile

Hi Expert,

Please give me advice, So I have assesment for exclusion folder and file .exe and file etc extension.

The asessment from Sophos for agent existing my customer.

The example exclusion files like a below :

C:\Windows\System32\backgroundTaskHos

How does XDR quota for data?

How does XDR allocate quotas for data? My license is 5TB and dataset management shows that I have used 3.9TB, but I log into Datalake to check if the usage is 0. What happens if 5TB is full? Does xdr_data take up 5TB? Is it possible to set a quota or