Cortex XDR catches the fences exe file as a non-secure application

Hi,

Recently I have been getting popups from cytray.exe (part of Cortex XDR / Antivirus) about FencesMenu64.dll not being a valid image, and then it throws an error. Everything looks to work as expected afterwards, but the error is annoying. According to a forum thread on Palo Alto, someone got the following answer from Cortex XDR support:

Information from TAC:

"This is caused by a new feature enabled in 8.3, where we check the signature level of every DLL loaded into cytray.exe. The application's DLL must be unsigned or with a lower trusted level, which will result in the DLL being blocked by us and this pop-up to show. Hence we have provided the SUEX to disable the feature.

At the moment the engineering team does not consider this issue as an actual bug inside the product, but rather a by-design behavior.

I would like to inform you that it might be fixed in the upcoming version of the XDR Agent, but we do not have an ETA for this."

 

Could there be any problems with the certificate signing of the DLLs on Fences? It's mostly an annoyance, but it would be nice to be without the error every time I log into Windows.

/Christian

Reply #1

Hello,
I have forwarded your problem/question to Stardock Support Team for their assistance. Please keep an eye on this thread for any updates. We appreciate your feedback and patience.

Basj,
Stardock Community Assistant

Reply #3

Their engineering team are wrong, it is indeed a bug their end impacting a number of applications.

Hopefully they will resolve it soon, otherwise it might be worth considering an alternative product to Cortex XDR.

Reply #4

FYI:

Palo Alto Networks zero-day exploited since March to backdoor firewalls

From: BleepingComputer April 12, 2024

https://www.bleepingcomputer.com/news/security/palo-alto-networks-zero-day-exploited-since-march-to-backdoor-firewalls/

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks

From: BleepingComputer April 12, 2024

https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-pan-os-firewall-zero-day-used-in-attacks/