topic Re: AV Operations through XDR in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/av-operations-through-xdr/m-p/517455#M2999 <P>Hi Aiman_Fathima,</P> <P>&nbsp;</P> <P>Full disk scanning is a legacy protection feature of EDR and is done by getting hash verdicts from WildFire for all file hashes observed on the endpoint.&nbsp; You should look to your own internal policies and procedures as well as any applicable regulatory requirements to determine frequency of scanning.</P> <P>&nbsp;</P> <P>Cortex XDR is not a legacy AV product, our protections are built around protecting an endpoint when code runs on an endpoint, including file hash verdicts, exploit protection and Behavioral Threat Protection (BTP).&nbsp; We do provide periodic scanning functionality as it is still a part of some regulatory frameworks, but the bulk of our protections are geared around protecting systems from code that is actually attempting to execute or executing on endpoints.</P> Tue, 11 Oct 2022 13:39:11 GMT afurze 2022-10-11T13:39:11Z AV Operations through XDR https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/av-operations-through-xdr/m-p/517430#M2998 <P>Hello,</P> <P>1. Please recommend the scanning period and best practices to achieve AV operations through XDR.</P> <P>2. On what basis does the malware scanning take place. Is it signature based, Hash based etc.</P> Tue, 11 Oct 2022 10:54:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/av-operations-through-xdr/m-p/517430#M2998 Aiman_Fathima 2022-10-11T10:54:06Z Re: AV Operations through XDR https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/av-operations-through-xdr/m-p/517455#M2999 <P>Hi Aiman_Fathima,</P> <P>&nbsp;</P> <P>Full disk scanning is a legacy protection feature of EDR and is done by getting hash verdicts from WildFire for all file hashes observed on the endpoint.&nbsp; You should look to your own internal policies and procedures as well as any applicable regulatory requirements to determine frequency of scanning.</P> <P>&nbsp;</P> <P>Cortex XDR is not a legacy AV product, our protections are built around protecting an endpoint when code runs on an endpoint, including file hash verdicts, exploit protection and Behavioral Threat Protection (BTP).&nbsp; We do provide periodic scanning functionality as it is still a part of some regulatory frameworks, but the bulk of our protections are geared around protecting systems from code that is actually attempting to execute or executing on endpoints.</P> Tue, 11 Oct 2022 13:39:11 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/av-operations-through-xdr/m-p/517455#M2999 afurze 2022-10-11T13:39:11Z