https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/mac-offline-scan/m-p/564596#M5488 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/327550">@EricBjurstrom</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for reaching out to Palo Alto Live Community.</P> <P>&nbsp;</P> <P>In case your endpoint is compromised then you can first isolate the compromise endpoint.&nbsp;<SPAN>When you isolate an endpoint, you halt all network access on the endpoint except for traffic to&nbsp;</SPAN><SPAN class="phrase">Cortex XDR</SPAN><SPAN>. This can prevent a compromised endpoint from communicating with other endpoints thereby reducing an attacker’s mobility on your network.</SPAN> please refer the document below for more information:</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Isolate-an-Endpoint" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Isolate-an-Endpoint</A></P> <P>&nbsp;</P> <P>After isolating the endpoint you can run the malware scan on a compromised endpoint, please refer the document below for more information about malware scan:</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware</A></P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>&nbsp;</P> <P>Please mark the response as "Accept as Solution"</P> Tue, 07 Nov 2023 06:43:15 GMT dbahuguna 2023-11-07T06:43:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/mac-offline-scan/m-p/564540#M5485 <P>We have a mac that we suspect may be compromised.&nbsp; We would like to run a scan with the device offline and not connected to our network.</P> <P>&nbsp;</P> <P>How would we go about doing this?</P> Mon, 06 Nov 2023 18:11:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/mac-offline-scan/m-p/564540#M5485 EricBjurstrom 2023-11-06T18:11:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/mac-offline-scan/m-p/564596#M5488 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/327550">@EricBjurstrom</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for reaching out to Palo Alto Live Community.</P> <P>&nbsp;</P> <P>In case your endpoint is compromised then you can first isolate the compromise endpoint.&nbsp;<SPAN>When you isolate an endpoint, you halt all network access on the endpoint except for traffic to&nbsp;</SPAN><SPAN class="phrase">Cortex XDR</SPAN><SPAN>. This can prevent a compromised endpoint from communicating with other endpoints thereby reducing an attacker’s mobility on your network.</SPAN> please refer the document below for more information:</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Isolate-an-Endpoint" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Isolate-an-Endpoint</A></P> <P>&nbsp;</P> <P>After isolating the endpoint you can run the malware scan on a compromised endpoint, please refer the document below for more information about malware scan:</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Scan-an-Endpoint-for-Malware</A></P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>&nbsp;</P> <P>Please mark the response as "Accept as Solution"</P> Tue, 07 Nov 2023 06:43:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/mac-offline-scan/m-p/564596#M5488 dbahuguna 2023-11-07T06:43:15Z