https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/codemeter-protected-application-error-quot-jvmti-quot-when-using/m-p/512661#M2673 <P>The Java Application i am developing is using WIBU CodeMeter Software to prevent Hacker attacks.</P> <P><A href="https://www.wibu.com/us/products/codemeter.html" target="_blank" rel="noopener">CodeMeter from Wibu-Systems: Secure protection &amp; license management of software and digital content: Wibu-Systems</A></P> <P>&nbsp;</P> <P>Currently we protect the application, so that no one can establish a Debug Connection with the JavaVM to be able to read/change values hold in memory.</P> <P>&nbsp;</P> <P>CodeMeter is using the JVMTI interface for blocking these kind of attacks.</P> <P>&nbsp;</P> <P>We have released an application 3 years ago and it always worked, but since 2 weeks the same application can not be started anymore, after Cortex XDR was updated.</P> <P>It seems that the Cortex XDR Virus Scanner is also trying to use the JVMTI interface and because 2 application trying to "manipulate" my application the application breaks.</P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Do you now an option/configuration/module which i can de-activate in CortexXDR to prevent the JVMTI usage?</LI> <LI>Is there something like an "Injection-Module" which can be de-activated for java.exe applications?</LI> </OL> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 23 Aug 2022 13:33:44 GMT MarkusL 2022-08-23T13:33:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/codemeter-protected-application-error-quot-jvmti-quot-when-using/m-p/512661#M2673 <P>The Java Application i am developing is using WIBU CodeMeter Software to prevent Hacker attacks.</P> <P><A href="https://www.wibu.com/us/products/codemeter.html" target="_blank" rel="noopener">CodeMeter from Wibu-Systems: Secure protection &amp; license management of software and digital content: Wibu-Systems</A></P> <P>&nbsp;</P> <P>Currently we protect the application, so that no one can establish a Debug Connection with the JavaVM to be able to read/change values hold in memory.</P> <P>&nbsp;</P> <P>CodeMeter is using the JVMTI interface for blocking these kind of attacks.</P> <P>&nbsp;</P> <P>We have released an application 3 years ago and it always worked, but since 2 weeks the same application can not be started anymore, after Cortex XDR was updated.</P> <P>It seems that the Cortex XDR Virus Scanner is also trying to use the JVMTI interface and because 2 application trying to "manipulate" my application the application breaks.</P> <P>&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Do you now an option/configuration/module which i can de-activate in CortexXDR to prevent the JVMTI usage?</LI> <LI>Is there something like an "Injection-Module" which can be de-activated for java.exe applications?</LI> </OL> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 23 Aug 2022 13:33:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/codemeter-protected-application-error-quot-jvmti-quot-when-using/m-p/512661#M2673 MarkusL 2022-08-23T13:33:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/codemeter-protected-application-error-quot-jvmti-quot-when-using/m-p/512838#M2682 <P>Hi MarkusL,<BR /><BR />Yes, for this you will need to navigate to your Exploit Protection Profiles and under the "Known Vulnerable Processes Protection" module you will see "Java Deserialization Protection" with a default setting of "Enabled". By disabling that specific protection for the effected hosts I believe your issue will be resolved.</P> Wed, 24 Aug 2022 13:32:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/codemeter-protected-application-error-quot-jvmti-quot-when-using/m-p/512838#M2682 bbucao 2022-08-24T13:32:44Z