Cortex XDR for Mac version 7.4.0

cancel
Showing results for 
Search instead for 
Did you mean: 

Cortex XDR for Mac version 7.4.0

L1 Bithead

Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected

Details
Prevention ID
: fe1bb230-9eaf-4590-ab0b-507053bc0b8a

Machine name: Taken away

OS Name: macOS

OS Version: OS X 11.4.0

Cortex XDR version: 7.4.0.2226

Dump path: N/A

Content Version: 182-59165

Mode: Terminate

Module name: Dylib-Hijacking Protection

Date: 31/05/2021, 23.57.34

Verdict: Not Available

Source Process ID: 2397

Source Process Command-Line: N/A

Source User Name: larschristoffersen

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

@larsoleruben wrote:

Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected

Details
Prevention ID
: fe1bb230-9eaf-4590-ab0b-507053bc0b8a

Machine name: Taken away

OS Name: macOS

OS Version: OS X 11.4.0

Cortex XDR version: 7.4.0.2226

Dump path: N/A

Content Version: 182-59165

Mode: Terminate

Module name: Dylib-Hijacking Protection

Date: 31/05/2021, 23.57.34

Verdict: Not Available

Source Process ID: 2397

Source Process Command-Line: N/A

Source User Name: larschristoffersen


Hi @larsoleruben,

 

Those images are of an Exceptions Security Profile - you can create a security profile using the instructions found here.

Alternatively, you can add the exceptions globally by following these instructions.

 

To see a video regarding exception creation and management, please see this video and skip to 2:42 for an in-depth walkthrough.

--gjenkins

View solution in original post

3 REPLIES 3

L4 Transporter

@larsoleruben wrote:

Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected

Details
Prevention ID
: fe1bb230-9eaf-4590-ab0b-507053bc0b8a

Machine name: Taken away

OS Name: macOS

OS Version: OS X 11.4.0

Cortex XDR version: 7.4.0.2226

Dump path: N/A

Content Version: 182-59165

Mode: Terminate

Module name: Dylib-Hijacking Protection

Date: 31/05/2021, 23.57.34

Verdict: Not Available

Source Process ID: 2397

Source Process Command-Line: N/A

Source User Name: larschristoffersen


Hi @larsoleruben,

I understand that the Dylib Hijacking Protection module is preventing you from executing sanctioned software. Have you had the opportunity to create exceptions for the process in the restrictions profile for your endpoint? It would look similar to the following images. If so, what were your results?

gjenkins_1-1622564794099.png

 

gjenkins_0-1622564784624.png

 

 

--gjenkins

Hi, thanks for your reply. Actually Our support figured it out and did exactly that I suppose:

<snip>
Below has been added into allowed HASH list (as it were previously blocked by XDR
/usr/local/share/dotnet/iTerm
/usr/local/share/dotnet/dotnet
/Library/Developer/PrivateFrameworks/CoreSimulator.framework/Versions/A/Resources/Platforms/iphoneos/usr/libexec/CoreSimulatorBridge
</snip>

L4 Transporter

@larsoleruben wrote:

Hi
I am using a MAC with BigSur version 11.4 and Cortex XDR for Mac version 7.4.0
Suddenly I am no loger able to debug in Xcode, since the debug server i killed by Cortex.
Also when I debug from VSCode in C# I get a notification, but debugging does take place.
So basically my Mac is so safe that it is unusable. How can I get solve this?

Error message:
Dylib-hijacking attempt detected

Details
Prevention ID
: fe1bb230-9eaf-4590-ab0b-507053bc0b8a

Machine name: Taken away

OS Name: macOS

OS Version: OS X 11.4.0

Cortex XDR version: 7.4.0.2226

Dump path: N/A

Content Version: 182-59165

Mode: Terminate

Module name: Dylib-Hijacking Protection

Date: 31/05/2021, 23.57.34

Verdict: Not Available

Source Process ID: 2397

Source Process Command-Line: N/A

Source User Name: larschristoffersen


Hi @larsoleruben,

 

Those images are of an Exceptions Security Profile - you can create a security profile using the instructions found here.

Alternatively, you can add the exceptions globally by following these instructions.

 

To see a video regarding exception creation and management, please see this video and skip to 2:42 for an in-depth walkthrough.

--gjenkins

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!