https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578465#M6160 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/417995851">@S.Jagushte774563</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>1- Maybe the best option here is to create a BIOC rule using the VMware/VBox/x installer signatures to block the execution.</P> <P>2- I don't get this one, you mean install the agent in non-persistent sessions? Here is a procedure for that in our doc:&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Cortex-XDR-Agent-for-Virtual-Environments-and-Desktops" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Cortex-XDR-Agent-for-Virtual-Environments-and-Desktops</A></P> Tue, 27 Feb 2024 12:43:56 GMT jmazzeo 2024-02-27T12:43:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578432#M6150 <P>&nbsp;</P> <P>Hello,</P> <P>&nbsp;</P> <P>Does anyone have a solution for protecting Endpoint/Hosts from installed virtual machine's access to host resources or file sharing into hosts for the given scenarios</P> <P>1. Cannot block installation of VM ware category applications or path.</P> <P>2. Cannot install persistent or non persistent VDI agents</P> <P>&nbsp;</P> Tue, 27 Feb 2024 08:30:52 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578432#M6150 S.Jagushte774563 2024-02-27T08:30:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578465#M6160 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/417995851">@S.Jagushte774563</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>1- Maybe the best option here is to create a BIOC rule using the VMware/VBox/x installer signatures to block the execution.</P> <P>2- I don't get this one, you mean install the agent in non-persistent sessions? Here is a procedure for that in our doc:&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Cortex-XDR-Agent-for-Virtual-Environments-and-Desktops" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Cortex-XDR-Agent-for-Virtual-Environments-and-Desktops</A></P> Tue, 27 Feb 2024 12:43:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578465#M6160 jmazzeo 2024-02-27T12:43:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578593#M6182 <P>Hello Jmazzeo,</P> <P>&nbsp;</P> <P>Thankyou for taking notice. I will further explain my problem.</P> <P>&nbsp;</P> <P>Our Endpoints have XDR agents installed now prevention, restriction and extension policies are in place working fine. After installing VMware type software and running a Virtual OS, access to USB and copying data/file to the host OS is possible. Which means the policies stay ineffective. I want a solution to this problem without restricting installation of such software.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 28 Feb 2024 06:36:39 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578593#M6182 S.Jagushte774563 2024-02-28T06:36:39Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578617#M6186 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/417995851">@S.Jagushte774563</a>&nbsp;,</P> <P>&nbsp;</P> <P>XDR agent being installed on the Endpoint will not have control over the VM until and unless it has XDR agent installed on it. Hence, to block the USB access your VM must has Cortex XDR agent installed.</P> <P>Also XDR being not a DLP solution, we don't have a control on data flow. This is DLP functionality.</P> <P>&nbsp;</P> <P><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> Wed, 28 Feb 2024 09:54:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/endpoint-protection-from-virtual-applications-like-vm-ware/m-p/578617#M6186 aspatil 2024-02-28T09:54:56Z