https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517338#M2987 <P>I would also be interested, if this Feature from Cortex xdr pro is comparable to applocker.&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Mon, 10 Oct 2022 17:55:51 GMT Cyber1985 2022-10-10T17:55:51Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517289#M2980 <P>I am looking for definitive answers on whether or not exe files should be whitelisted and where they should be whitelisted within Cortex?</P> Mon, 10 Oct 2022 12:20:27 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517289#M2980 jeperjes 2022-10-10T12:20:27Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517304#M2981 <P>the files to be excluded are known windows files.&nbsp;</P> Mon, 10 Oct 2022 13:57:48 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517304#M2981 jeperjes 2022-10-10T13:57:48Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517337#M2986 <P>Maybe palo alto could bringt out a short Video for white and blacklisting paths/files?&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Mon, 10 Oct 2022 17:52:43 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517337#M2986 Cyber1985 2022-10-10T17:52:43Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517338#M2987 <P>I would also be interested, if this Feature from Cortex xdr pro is comparable to applocker.&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Mon, 10 Oct 2022 17:55:51 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517338#M2987 Cyber1985 2022-10-10T17:55:51Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517383#M2992 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/242931">@jeperjes</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/206384">@Cyber1985</a>&nbsp;,</P> <P>&nbsp;</P> <P>It likely depends on the used cases on what should be whitelisted. Definitely the easiest, quickest and the best whitelisted always is SH256 allow list, which is granular in itself. However, as iterated, when it comes to whitelisting executables, it would depend upon the business used case and alerts around it.&nbsp;</P> <P>&nbsp;</P> <P>Windows executables are microsoft signed application executables and because Microsoft is a highly trusted signer, Cortex XDR does not detect and examine it in the pre-exection stages(like Wildfire malware, Local Analysis).&nbsp;</P> <P>&nbsp;</P> <P>In the post execution stages, everything is examined as it leverages behavioral execution monitoring for script based, fileless attacks and exploitation events as well.&nbsp;</P> <P>&nbsp;</P> <P>We also have a process exception which has the capability to disable select protection modules for Cortex XDR depending upon the choices and used cases.&nbsp;</P> <P>&nbsp;</P> <P>Please be apprised all of the above, will be specific to targets and profiles and should be implemented very carefully</P> Tue, 11 Oct 2022 01:32:38 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517383#M2992 neelrohit 2022-10-11T01:32:38Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517640#M3009 what is the right way to enter *.exe files into whitelists, or find the<BR />hash of a file and add that to the whitelist? What is the right way to<BR />handle files to whitelist to avoid malicious files attacking a server? I<BR />am not familiar with the cortex and how they handle malwares.<BR /> Wed, 12 Oct 2022 15:52:01 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/517640#M3009 jeperjes 2022-10-12T15:52:01Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/592826#M6989 <P>yes they should.&nbsp;</P> Tue, 23 Jul 2024 19:40:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/new-to-cortex-whitelisting-files-paths-are-they-needed/m-p/592826#M6989 jeperjes 2024-07-23T19:40:14Z