This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Cortex XDR Prevent Did Not Detect ncat

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XDR Prevent Did Not Detect ncat

tech_noob
L1 Bithead

‎08-22-2020 07:35 PM

Hello I am new to Cortex XDR. I tried ncat on a PC with Cortex XDR Prevent (with Windows Defender) and it did not detect or stop the connection from Kali a PC. Windows Defender showed a warning and once I allowed it I was able to connect on ncat from Kali. Is Cortex XDR Prevent supposed to stop ncat or at least give me an email alert about the connection? Anybody else tried this and with the same result? I will try this with Symantec and will see if Symantec stops the ncat connection. 

 

Thank you 

 

3 people had this problem.
(1)
8 REPLIES 8

DKasabji
L2 Linker

‎09-13-2020 11:27 AM

Consider two things:

 

1. Windows Defender should be disabled on PC that runs Cortex XDR. If this does not occur automatically, disable it manually as it could intervene with Cortex XDR.

 

2. In case Cortex XDR does not indeed prevent it by default, you can always create a BIOC rule to detect NCAT and then set it as prevention rule inside the Restrictions Profile -> Custom Prevention Rules.

 

Best,

David

(1)

EddieRowe
L2 Linker
In response to DKasabji

‎09-15-2020 07:37 AM

@DKasabji, I am seeing some devices where Windows Defender Antivirus still have the service running.  I disable it via GPO and surprised to see it running on my system.  With the new tamper protections I have yet to figure out how to disable the service so it is like it is "off" but still running the app behind the scenes.  We are not Intune subscribers so there does not appear to be a way to turn it off if Cortex fails to do so.

0 Likes Likes

EddieRowe
L2 Linker

‎09-15-2020 07:42 AM

@tech_noob, doesn't ncat have legtimate uses so in and of itself it is not evil?  Do you have the grayware protection enabled? (Just thinking out loud...I am not experienced with Kali or ncat.

0 Likes Likes

DKasabji
L2 Linker
In response to EddieRowe

‎09-15-2020 02:12 PM

@EddieRowe Aren't you able to disable Tamper protection on Windows? That way you can disable Defender via GPO. 

 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks