10-18-2023 10:22 AM
We have a security camera server that's been throwing out low memory resource messages, and the company that provides the software claims that the Cortex XDR endpoint client is causing memory leaks. There are no incidents being triggered by this server and the memory usage of Cortex is always under 1GB of memory. They have provided documentation that appears to be geared more toward traditional antivirus software to add folder and file exceptions from the software. I don't see in the XDR control console a place for me to make these exceptions unless there was an incident or to allow list a vendor or hash. Does this seem like they're grasping for something to be the issue, or can anyone help guide me on how to add these exceptions? Below is the document they provided to help understand what they're asking us to do.
10-18-2023 11:28 AM
Hi @JLawrence-Serra, thanks for reaching the Live Community.
You can create exception rules to prevent files or folders from being scanned by the XDR Agent modules.
You need to create a "Disable Prevention Rule"; this is located at Settings → Exception Configuration → Disable Prevention Rules.
This is the official doc: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-Disab...
I recommend creating the rule and applying it only to the Profile that is assigned to these endpoints.
When you define the rule, note that you can use wildcards for the folder definitions. In your case, you will need to create more than one rule to cover all the required folders.
I think this can solve your inquiry.
10-18-2023 11:56 AM
Thank you very much for your help! That helped solve my problem! I appreciate the details you provided in the screenshot.