https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/480764#M1878 <P>Hello,</P><P>I am looking to enable the "<SPAN>Java Deserialization Protection" in my exploit profile.</SPAN></P><P>&nbsp;</P><P><SPAN>I see the default is to leave it disabled.</SPAN></P><P>&nbsp;</P><P><SPAN>anyone else have this enabled?</SPAN></P><P><SPAN>any advise or experience working with this?&nbsp;&nbsp;</SPAN></P> Mon, 18 Apr 2022 17:00:50 GMT P.Jacob 2022-04-18T17:00:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/480764#M1878 <P>Hello,</P><P>I am looking to enable the "<SPAN>Java Deserialization Protection" in my exploit profile.</SPAN></P><P>&nbsp;</P><P><SPAN>I see the default is to leave it disabled.</SPAN></P><P>&nbsp;</P><P><SPAN>anyone else have this enabled?</SPAN></P><P><SPAN>any advise or experience working with this?&nbsp;&nbsp;</SPAN></P> Mon, 18 Apr 2022 17:00:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/480764#M1878 P.Jacob 2022-04-18T17:00:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/480775#M1879 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/97798">@P.Jacob</a>&nbsp;,</P><P>Im not sure if your post is because your organization works with Spring Framework which is affected as you know by a recent reported vulnerability (see&nbsp; <A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965" target="_blank" rel="noopener"><SPAN>CVE-2022-22965</SPAN></A>&nbsp;for more information).&nbsp;</P><P>If possitive to the former, we at PANW&nbsp; highly recommend to upgrade your spring framework to the release/s <SPAN>5.3.18 and 5.2.20 and also your Cortex XDR agents to the latest release, and more specifically to release 7.7and content above&nbsp;470-88704.</SPAN></P><P>&nbsp;</P><P>If somebody tries to exploit this vulnerability , it will be blocked by the Java Deserialization Exploit protection module, which will be active if you enable Known Vulnerable Processes Protection at the Linux Exploit Security profile.</P><P>Please check that&nbsp; "Known Vulnerable Processes Protection" module is set to block, so that exploitation attempt is blocked and you will get an alert&nbsp; of the type Suspicious Input Deserialization.</P><P>&nbsp;</P><P>Hope this helps,&nbsp;</P><P>Luis</P><P>&nbsp;</P> Mon, 18 Apr 2022 17:52:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/480775#M1879 eluis 2022-04-18T17:52:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/481166#M1889 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190764">@eluis</a>&nbsp;thanks for the reply back man! I was just thinking that if its an available option now for windows if it would be good to enable it... I have read up on what it is but don't really understand fully what it is and what it does. I think for now I will just work on the "OpenSSL Infinite Loop Vulnerability" and put this on the back burner.&nbsp;&nbsp;</P> Tue, 19 Apr 2022 23:46:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/481166#M1889 P.Jacob 2022-04-19T23:46:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/481182#M1891 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/97798">@P.Jacob</a>&nbsp;If you have Java application using spring framework, i would assume it will be good to turn on this policy on your test system and work from there to implement to your live systems.</P> Wed, 20 Apr 2022 00:37:12 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/java-deserialization-protection/m-p/481182#M1891 KanwarSingh01 2022-04-20T00:37:12Z