https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/510367#M2412 <P>Thank you for your answer!&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Sun, 31 Jul 2022 14:56:43 GMT Cyber1985 2022-07-31T14:56:43Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/509813#M2388 <P>Hello dear live Community!&nbsp;</P> <P>&nbsp;</P> <P>I found a very interesting link on Twitter and would like to know if there is any detection and/or prevention for this technique?</P> <P>&nbsp;</P> <P><A href="https://synzack.github.io/Blinding-EDR-On-Windows/" target="_blank">https://synzack.github.io/Blinding-EDR-On-Windows/</A></P> <P>&nbsp;</P> <P>BR&nbsp;</P> <P>&nbsp;</P> <P>Rob</P> Mon, 25 Jul 2022 16:58:38 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/509813#M2388 Cyber1985 2022-07-25T16:58:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/510290#M2409 <P><SPAN>Hi Rob!</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thank you for submitting this coverage inquiry.</SPAN></P> <P>&nbsp;</P> <P><SPAN>On Windows operating systems, Cortex XDR operates in the kernel space only. Because the Blinding EDR technique in the blog assumes that the EDR operates in the user space, this technique is not applicable to Windows endpoints running Cortex XDR.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Cortex XDR offers many valuable endpoint protection modules that may prove to be useful for this type of attack technique, such as tamper protection, behavioral threat protection, malicious file scanning, vulnerable driver protection, etc. Our engineers would love to investigate any proof-of-concept that you may have regarding the technique and can be reached out via support at support.paloaltonetworks.com.</SPAN></P> Fri, 29 Jul 2022 13:10:23 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/510290#M2409 mfakhouri 2022-07-29T13:10:23Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/510367#M2412 <P>Thank you for your answer!&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Sun, 31 Jul 2022 14:56:43 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/tamper-protection-question/m-p/510367#M2412 Cyber1985 2022-07-31T14:56:43Z