https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/response-action/m-p/547394#M4649 <P>There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.</P> <P>&nbsp;</P> <P>Which application access should ideally be provided in it.</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 27 Jun 2023 12:09:28 GMT Shahwaz_Md 2023-06-27T12:09:28Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/response-action/m-p/547394#M4649 <P>There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.</P> <P>&nbsp;</P> <P>Which application access should ideally be provided in it.</P> <P>&nbsp;</P> <P>Thanks</P> Tue, 27 Jun 2023 12:09:28 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/response-action/m-p/547394#M4649 Shahwaz_Md 2023-06-27T12:09:28Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/response-action/m-p/547424#M4653 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/236325">@Shahwaz_Md</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out to Live Community.</P> <P>&nbsp;</P> <P>When you isolate an endpoint, it will halt all network traffic except for cortex XDR traffic. "Response Actions" feature under Agent settings profile allow you to add specific applications to be allowed in case of Network Isolation.</P> <P>Allowing a specific application depends on the customer environment and use cases. There is no recommendation from our side.&nbsp;</P> <P>For example,&nbsp;</P> <UL class="itemizedlist"> <LI class="listitem"> <P>(<SPAN class="monospaced">Windows</SPAN>) For VDI sessions, using the network isolation response action can disrupt communication with the VDI host management system thereby halting access to the VDI session. As a result, before using the response action you must add the VDI processes and corresponding IP addresses to your allow list.</P> </LI> <LI class="listitem">Some customer may want Windows Update service to continue to work even in isolation.</LI> <LI class="listitem">Some may want to allow access to some other security tool e.g. DLP.</LI> </UL> <P>Please keep network access to bare minimum in case of Isolation to restrict&nbsp;<SPAN>attacker’s mobility on your network. Below is the link for your reference.</SPAN></P> <P><SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Response-Actions" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Response-Actions</A></SPAN></P> <P>&nbsp;</P> Tue, 27 Jun 2023 14:24:30 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/response-action/m-p/547424#M4653 nsinghvirk 2023-06-27T14:24:30Z