https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-question/m-p/536751#M3968 <P>Hello, Everyone!</P> <P>I would like to know how this can be implemented - I want to block suspicious remote control applications (BIOC) Cortex XDR.</P> <P>&nbsp;</P> <P><SPAN>I want a reply from the Palo Alto official. Thanks.</SPAN></P> <P>&nbsp;</P> Tue, 28 Mar 2023 04:56:59 GMT Jerome_Detona 2023-03-28T04:56:59Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-question/m-p/536751#M3968 <P>Hello, Everyone!</P> <P>I would like to know how this can be implemented - I want to block suspicious remote control applications (BIOC) Cortex XDR.</P> <P>&nbsp;</P> <P><SPAN>I want a reply from the Palo Alto official. Thanks.</SPAN></P> <P>&nbsp;</P> Tue, 28 Mar 2023 04:56:59 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-question/m-p/536751#M3968 Jerome_Detona 2023-03-28T04:56:59Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-question/m-p/536766#M3972 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/254598">@Jerome_Detona</a>&nbsp;I recommend you to go through <A href="https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/blocking-file-execution-based-on-nameand-or-bioc-ioc/td-p/441563" target="_blank">this thread</A> which describes in detail on how to block hashes without or without BIOC.</P> <P>&nbsp;</P> <P>The question lies in how you go about determining what is "suspicious". Once you have the hash, you can add it to Global Block lists, or via Restriction Profiles for selected endpoints.</P> Tue, 28 Mar 2023 08:07:28 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-question/m-p/536766#M3972 bbarmanroy 2023-03-28T08:07:28Z