topic Cortex XDR don't alert when using WinPeas.bat in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-don-t-alert-when-using-winpeas-bat/m-p/541820#M4323 <P>Good morning,<BR />We have noticed that when using LinPEAS on Linux systems, Cortex XDR reacts, blocks and alerts. However, using WinPEAS bat script on Windows systems is not detected by Cortex.&nbsp;However winpeas.exe is blocked immediately.&nbsp;</P> <P>For testing purposes we used linpeas.sh and winpeas.bat from:</P> <P><A href="https://github.com/carlospolop/PEASS-ng" target="_blank">carlospolop/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors) (github.com)</A></P> <P>Why Cortex doesn't react when malicious .bat script is used?</P> <P>Thanks in advance.</P> Thu, 11 May 2023 07:11:05 GMT wbpdki 2023-05-11T07:11:05Z Cortex XDR don't alert when using WinPeas.bat https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-don-t-alert-when-using-winpeas-bat/m-p/541820#M4323 <P>Good morning,<BR />We have noticed that when using LinPEAS on Linux systems, Cortex XDR reacts, blocks and alerts. However, using WinPEAS bat script on Windows systems is not detected by Cortex.&nbsp;However winpeas.exe is blocked immediately.&nbsp;</P> <P>For testing purposes we used linpeas.sh and winpeas.bat from:</P> <P><A href="https://github.com/carlospolop/PEASS-ng" target="_blank">carlospolop/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors) (github.com)</A></P> <P>Why Cortex doesn't react when malicious .bat script is used?</P> <P>Thanks in advance.</P> Thu, 11 May 2023 07:11:05 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-don-t-alert-when-using-winpeas-bat/m-p/541820#M4323 wbpdki 2023-05-11T07:11:05Z Re: Cortex XDR don't alert when using WinPeas.bat https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-don-t-alert-when-using-winpeas-bat/m-p/542085#M4344 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/291016">@wbpdki</a>, thank you for writing to Live Community.<BR /><BR />You're saying Winpeas.exe was blocked&nbsp;<SPAN>immediately, but&nbsp;WinPEAS bat script went undetected?&nbsp;<BR /><BR />Please allow me some time to test it and get back to you.</SPAN></P> Sun, 14 May 2023 13:51:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-don-t-alert-when-using-winpeas-bat/m-p/542085#M4344 mavraham 2023-05-14T13:51:04Z