topic Re: Cortex XDR for Mac version 7.4.0 in Cortex XDR Discussions

Cortex XDR for Mac version 7.4.0

larsoleruben — Mon, 31 May 2021 22:01:23 GMT

Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected

Details
Prevention ID: fe1bb230-9eaf-4590-ab0b-507053bc0b8a

Machine name: Taken away

OS Name: macOS

OS Version: OS X 11.4.0

Cortex XDR version: 7.4.0.2226

Dump path: N/A

Content Version: 182-59165

Mode: Terminate

Module name: Dylib-Hijacking Protection

Date: 31/05/2021, 23.57.34

Verdict: Not Available

Source Process ID: 2397

Source Process Command-Line: N/A

Source User Name: larschristoffersen

Re: Cortex XDR for Mac version 7.4.0

gjenkins — Tue, 01 Jun 2021 16:27:03 GMT

@larsoleruben wrote:
Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected
Details
Prevention ID: fe1bb230-9eaf-4590-ab0b-507053bc0b8a
Machine name: Taken away
OS Name: macOS
OS Version: OS X 11.4.0
Cortex XDR version: 7.4.0.2226
Dump path: N/A
Content Version: 182-59165
Mode: Terminate
Module name: Dylib-Hijacking Protection
Date: 31/05/2021, 23.57.34
Verdict: Not Available
Source Process ID: 2397
Source Process Command-Line: N/A
Source User Name: larschristoffersen

Hi @larsoleruben,

I understand that the Dylib Hijacking Protection module is preventing you from executing sanctioned software. Have you had the opportunity to create exceptions for the process in the restrictions profile for your endpoint? It would look similar to the following images. If so, what were your results?

Re: Cortex XDR for Mac version 7.4.0

larsoleruben — Tue, 01 Jun 2021 17:03:29 GMT

Hi, thanks for your reply. Actually Our support figured it out and did exactly that I suppose:

<snip>
Below has been added into allowed HASH list (as it were previously blocked by XDR
/usr/local/share/dotnet/iTerm
/usr/local/share/dotnet/dotnet
/Library/Developer/PrivateFrameworks/CoreSimulator.framework/Versions/A/Resources/Platforms/iphoneos/usr/libexec/CoreSimulatorBridge
</snip>

Re: Cortex XDR for Mac version 7.4.0

gjenkins — Tue, 01 Jun 2021 17:08:24 GMT

@larsoleruben wrote:
Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected
Details
Prevention ID: fe1bb230-9eaf-4590-ab0b-507053bc0b8a
Machine name: Taken away
OS Name: macOS
OS Version: OS X 11.4.0
Cortex XDR version: 7.4.0.2226
Dump path: N/A
Content Version: 182-59165
Mode: Terminate
Module name: Dylib-Hijacking Protection
Date: 31/05/2021, 23.57.34
Verdict: Not Available
Source Process ID: 2397
Source Process Command-Line: N/A
Source User Name: larschristoffersen

Hi @larsoleruben,

Those images are of an Exceptions Security Profile - you can create a security profile using the instructions found here.

Alternatively, you can add the exceptions globally by following these instructions.

To see a video regarding exception creation and management, please see this video and skip to 2:42 for an in-depth walkthrough.