01-05-2023 08:29 PM
Hello,
We have noticed that the user can simply exit the XDR on the system tray. Is there any way to block the exit button with admin rights or any way possible to avoid stopping the app?
01-05-2023 10:24 PM - edited 01-05-2023 10:35 PM
Hi @Seth_Sakshi ,
Thank you for writing to live community!
Clicking on "Exit" will cause only the agent tray icon process to close and not the XDR process itself. Because it is enforced in the policy, the end user will again get the tray icon after reboot. You can try it by exiting the tray icon, but you should still be able to see the XDR agent connected on the Cortex XDR console. alternatively, you can take CLI and run "cytool runtime query" to check the agent service running status.
While, there is no control on XDR to not allow "Exit" button be hit, what can be alternatively done, is that we can hide the tray icon once and for all in the agent settings configuration so that end users do not see it at all. This ensures security as insiders do not know of your security solution being used(unless they get blocked and get the notification popup).Also, it solves the problem, where you do not want people to click on "Exit". Check the screenshot for reference on how to configure the tray icon setting.
Please mark this response as "Accept as Solution" if it helps with your query.
Regards.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
