Hello. I run Enpass on my work MacBook. My company also uses Palo Alto Cortex XDR as an AV client.
After the upgrade to the new version on Enpass that I upgraded to this morning (Feb 2, 2021), Cortex XDR is now quarantining Enpass.
Here's some of the output from the Cortex XDR AV program:
Prevention ID: xxxxx
Machine name: xxxxx
OS Name: macOS
OS Version: OS X 10.16.0
Cortex XDR version: 7.1.2.2016
Dump path: N/A
Content Version: 165-51072
Mode: Terminate
Module name: WildFire
Date: 2/2/21, 9:07:57 AM
Verdict: Grayware
Source Process ID: 586
Source Process Command-Line: /Applications/Enpass.app/Contents/MacOS/Enpass
Source User Name: xxx