Accessing Files While Scanning

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Accessing Files While Scanning

L1 Bithead

Hello, this might be a dumb question but I'm trying to find any documentation that might back it up.

 

Basically, when conducting a system scan some apps can't be executed because they try to access certain .dll files which are being used or are open by Cortex XDR. I just want to make sure this is expected behavior and if there's any workaround.

 

Thanks!

1 accepted solution

Accepted Solutions

L4 Transporter

Hi Samuraihack,

 

While traditional anti-virus software may have locked files during its scanning, it would be more accurate to say that there are multiple components within the Cortex XDR's multi-method protection approach, preventing a process from running or functioning successfully if the proper exceptions have not been made. Information about the file analysis and protection flow can be found here.

 

Creating rule exceptions would be the next step to permit your software to run after determining through your investigations which Cortex XDR Agent module is preventing the software from executing successfully. I will note that this investigation may require advanced knowledge of the environment and an intermediate understanding of the architecture for the Cortex XDR Agent.

 

Please have a look at the following video to learn more. 

Exceptions in TMS and Cortex XDR
Note: The Cortex XDR portion begins at 2:41.

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events!

*Cortex XDR Customer Corner: https://live.paloaltonetworks.com/t5/cortex-xdr-customer-corner/ct-p/Cortex_XDR_Customer_Corner

Join our Cortex XDR Office Hours to receive live guidance and training from our Customer Success Architects.

*Cortex XDR Office Hours [NAM]: https://paloaltonetworks.zoom.us/webinar/register/3316669859020/WN_yMpAB-aBTt6xk2h-gsra4w
*Cortex XDR Office Hours [EMEA/APAC]: https://paloaltonetworks.zoom.us/webinar/register/4116709604301/WN_CZuFE5CHQbG9LUEqugsIOw

View solution in original post

2 REPLIES 2

L4 Transporter

Hi Samuraihack,

 

While traditional anti-virus software may have locked files during its scanning, it would be more accurate to say that there are multiple components within the Cortex XDR's multi-method protection approach, preventing a process from running or functioning successfully if the proper exceptions have not been made. Information about the file analysis and protection flow can be found here.

 

Creating rule exceptions would be the next step to permit your software to run after determining through your investigations which Cortex XDR Agent module is preventing the software from executing successfully. I will note that this investigation may require advanced knowledge of the environment and an intermediate understanding of the architecture for the Cortex XDR Agent.

 

Please have a look at the following video to learn more. 

Exceptions in TMS and Cortex XDR
Note: The Cortex XDR portion begins at 2:41.

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events!

*Cortex XDR Customer Corner: https://live.paloaltonetworks.com/t5/cortex-xdr-customer-corner/ct-p/Cortex_XDR_Customer_Corner

Join our Cortex XDR Office Hours to receive live guidance and training from our Customer Success Architects.

*Cortex XDR Office Hours [NAM]: https://paloaltonetworks.zoom.us/webinar/register/3316669859020/WN_yMpAB-aBTt6xk2h-gsra4w
*Cortex XDR Office Hours [EMEA/APAC]: https://paloaltonetworks.zoom.us/webinar/register/4116709604301/WN_CZuFE5CHQbG9LUEqugsIOw

Thanks for the reply! This certainly clarifies my doubt. We offered our customer the option to reschedule the scans to a more convenient time or to configure the required exceptions.

  • 1 accepted solution
  • 3111 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!