[Bug] Excluded Scan items are being removed after reboot

To put the issue in simple terms, I have been restoring items from the Xcitium Quarantine and pressed yes on the option to exclude them from scans; however, after reboot it still detects the file and quarantines it, and I can see that the exception has not been saved.

I am on Windows 11 23H2 (22631.2861) and my program version is 13.0.0.9449.

Hi @ninjatall12

You can create a rule under security components to avoid the file being detected and quarantined again.

For creating a File Group and adding exclusions under Security components, please follow the steps mentioned in the below article:
https://wiki.xcitium.com/frontend/web/topic/how-to-define-file-groups-as-exclusions-to-antivirus-firewall-hips-and-containment

If you find that files are still being quarantined, then we request you to capture logs and share them with us at support@xcitium.com to investigate further.

Here is the download link for the cisreporttool:

http://download.comodo.com/cis/download/installs/cisreporttool/cisreporttool.exe

If you run the cisreporttool locally on the endpoint, an output file will be stored in the location where you run the tool from.

Please share the cisreporttool logs in the support ticket along with the device name so we can further investigate.

@ninjatall12, are the files being quarantined as malicious? Perhaps you could post a screenshot?


It happens after every restart

Hi @ninjatall12

I have checked that you have raised a ticket regarding the issue - 36363.
As you are still facing the issue even after the update of XCS, the support team provided you with a removal tool with which you can remove the remnants of XCS fully, reinstall XCS freshly once again and test. If you face the same issue even after that, the backend team has requested that you collect fresh logs and share them with them.

I suggest you obtain the SHA1 file hash from the logs and search for it on virustotal.com and Cloud Verdict Customer Login | Xcitium Cloud Verdict to confirm how they both rate the file.

On the Xcitium site, if you believe it is a false positive, you can choose ‘send to human expert for analysis’.

@nivedithab, since this is rated as a malicious file, the threats lab needs to check the file to see if it is a false positive or an actual malicious file.

Yes @nct, the team would require the SHA1 details to analyse if it's a false positive or an actual malicious file.