Cortex XDR for Mac version 7.4.0


L0 Member

Hi
I am using a Mac with Big Sur version 11.4 and Cortex XDR for Mac version 7.4.0.
Suddenly I am no longer able to debug in Xcode, since the debug server is killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I solve this?

Error message:
Dylib-hijacking attempt detected

Details
Prevention ID: fe1bb230-9eaf-4590-ab0b-507053bc0b8a
Machine name: Taken away
OS Name: macOS
OS Version: OS X 11.4.0
Cortex XDR version: 7.4.0.2226
Dump path: N/A
Content Version: 182-59165
Mode: Terminate
Module name: Dylib-Hijacking Protection
Date: 31/05/2021, 23.57.34
Verdict: Not Available
Source Process ID: 2397
Source Process Command-Line: N/A
Source User Name: larschristoffersen


3 REPLIES 3

L4 Transporter

Hi @larsoleruben,

I understand that the Dylib Hijacking Protection module is preventing you from executing sanctioned software. Have you had the opportunity to create exceptions for the process in the restrictions profile for your endpoint? It would look similar to the following images. If so, what were your results?

[Image: gjenkins_1-1622564794099.png]

[Image: gjenkins_0-1622564784624.png]

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events!

*Cortex XDR Customer Corner: https://live.paloaltonetworks.com/t5/cortex-xdr-customer-corner/ct-p/Cortex_XDR_Customer_Corner

Join our Cortex XDR Office Hours to receive live guidance and training from our Customer Success Architects.

*Cortex XDR Office Hours [NAM]: https://paloaltonetworks.zoom.us/webinar/register/3316669859020/WN_yMpAB-aBTt6xk2h-gsra4w
*Cortex XDR Office Hours [EMEA/APAC]: https://paloaltonetworks.zoom.us/webinar/register/4116709604301/WN_CZuFE5CHQbG9LUEqugsIOw

Hi, thanks for your reply. Actually our support figured it out and did exactly that, I suppose:

<snip>
Below has been added to the allowed HASH list (as it was previously blocked by XDR):
/usr/local/share/dotnet/iTerm
/usr/local/share/dotnet/dotnet
/Library/Developer/PrivateFrameworks/CoreSimulator.framework/Versions/A/Resources/Platforms/iphoneos/usr/libexec/CoreSimulatorBridge
</snip>

L4 Transporter (accepted solution)

Hi @larsoleruben,

Those images are of an Exceptions Security Profile - you can create a security profile using the instructions found here.

Alternatively, you can add the exceptions globally by following these instructions.

To see a video regarding exception creation and management, please see this video and skip to 2:42 for an in-depth walkthrough.
