Prevent exe application from installing on a system via Cortex XDR agent
Hi,
Can we prevent any .exe, e.g. the AnyDesk application, from being installed on a system if the Cortex XDR agent is installed? If so, how do we configure it?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Hi,
Is there any way to force a policy check on an endpoint?
I have created a new Policy Rule and assigned a new set of Policy Profiles to it. I then assigned specific endpoints to this Policy Rule and the rule is #1 in the policy order tab.
The pro
...
Is there any way to include the hostname for alerts received in Slack? They are very valuable to receive on the phone late at night, but would be even better if we had a bit more information: hostname, domain, something that indicates this is a test
...
Hello!!
How are you? I need to confirm an action when adding an exception for a child process. I have several alerts for "WmiPrvSe.exe Rare Child Process" that are false positives, and I'm considering adding it to the whitelist in the associated profile.
For create it i
...
Hi,
We have an environment whereby we have Cisco ASA firewalls. Our client base would communicate with a proxy server, which would then pass the details on to the firewall, and the ASA firewalls would then communicate with Cortex XDR.
As Cortex XDR
...
Good day, community,
I have an incident due to the execution of an Excel file that contains macros.
According to the verdict and its hash, the file is not a threat.
My question is the following: which is the most suitable method to allow the execution of s
...
Cannot find any link for the release notes of Agent version 7.2.0.
Kind Regards,
Graeme
I noticed that my tenant space has a new option in the Windows Malware Profile under Ransomware Protection that is named "Extend Ransomware Protection to SMB Shares". I don't believe this setting was available prior to the 7.2 release that I read ab
...
Hello, hope you are all doing well and staying safe.
Traps v6.1.0 was installed on a server and Windows Defender never auto disabled causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.
...
Hello everyone,
We are looking to implement agent-based firewall rules to lock down the communication between DCs and SCCM servers. We have 20+ of each, and I am wondering what is the most feasible way of doing that? User Guide has pretty much no guid
...
I am using the same installer on all my clients (Mac). Why do some of my devices have malware and exploit protection and others just malware protection?
When you first install the Cortex XDR agent on a new server (and reboot if on Windows), is it immediately 'active' and blocking suspicious processes? I was told that it ran in 'passive' mode for 30-days as it built a profile of "normal" activity for
...
Good day, community!
I have a question: what treatment is given to executables that are signed with a weak hash?
I understand that Cortex XDR will block its execution.
Can it be excepted, considering that it is a utility software?
The hash is unaltered and W
...
Hello, beginning on or about 20 July, began to see MANY more Incidents created in Cortex XDR that looked similar to this:
Incident Description: 'Threat ID #' generated by PAN NGFW detected on host <hostName> involving xyz\UserName
(note, there is NOTHI
...
Hi experts,
Cortex now has the ability to report vulnerabilities on endpoints, currently limited to Linux endpoints.
Does anyone know if this is going to be extended to Windows and other endpoint types?
Thanks
Darren