10-03-2024 09:48 AM
Hi community,
I am attempting to restrict the execution of vulnerable applications.
Is it possible to block a specific application version using a BIOC associated with a restriction profile?
(Or if there's another easy way to do this, please let me know.)
10-03-2024 10:51 AM
Hi @Hisashi_Abe
Thank you for reaching out to the Live community!
You can use the restriction profile and call the executable/application there - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-R...
In case you are looking to block a specific version of that application, you may need to check the hash of that version, which may be unique with each release, so that you can add it to the block list - https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-File...
For more granular restriction, you can check for other parameters/variables of that application and make use of BIOC rules by adding them to the restriction profile.
Please click Accept as Solution to acknowledge if this answer added value to your question.
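Finding the hashes for one application version, as an added example that is not part of the replies above or of the vendor documentation: this PowerShell script lists every distinct SHA256 for copies of an executable at a given version on a Windows endpoint. The executable name, version, paths and output file are placeholders, and it assumes SHA256 is the hash type your block list takes.

```powershell
# Added example: list the SHA256 hashes of every copy of one application version.
# All parameter defaults are placeholders, not values from the thread.
param(
    [string]$Root       = 'C:\Program Files',
    [string]$ExeName    = 'example-app.exe',   # hypothetical executable name
    [string]$BadVersion = '1.2.3.4',           # hypothetical vulnerable version
    [string]$OutCsv     = '.\blocklist-candidates.csv'
)

# Hash every copy of the executable and read its version resource.
$copies = Get-ChildItem -Path $Root -Filter $ExeName -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        [pscustomobject]@{
            Path    = $_.FullName
            # Build the version from the numeric parts; FileVersion is a free-form string.
            Version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                           $vi.FileBuildPart, $vi.FilePrivatePart
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Show every version seen, so versions that will NOT be covered are visible.
$copies | Group-Object Version | Select-Object Name, Count | Format-Table -AutoSize

$bad = @($copies | Where-Object { $_.Version -eq $BadVersion })
if ($bad.Count -eq 0) {
    Write-Warning "No copy of $ExeName with version $BadVersion found under $Root"
    return
}

# One version can ship as several binaries (x86/x64, rebuilt installers),
# so keep every distinct hash rather than only the first one found.
$hashes = $bad | Group-Object SHA256 | ForEach-Object {
    [pscustomobject]@{
        SHA256  = $_.Name
        Version = $BadVersion
        Copies  = $_.Count
        Example = $_.Group[0].Path
    }
}

$hashes | Export-Csv -Path $OutCsv -NoTypeInformation
$hashes
```

Run it on more than one endpoint before building the block list: a hash entry only matches byte-identical files, so any build of the same version that was not collected stays unblocked.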