Cortex XDR Process Exclusions


L1 Bithead

We are deploying Cortex XDR to Windows servers, initially in Report only mode, and seeing memory utilization on some servers ranging from 500 MB to 1.2 GB. Is this considered to be normal?

 

The advice we received was that we don't need to exclude certain processes or file paths, similar to how application vendors request to be whitelisted.

Does anyone have experience deploying XDR on critical infrastructure? We are keen to know if you had to exclude processes (related to performance rather than noise), or whether XDR works out of the box without too much effort.


L6 Presenter

Hello @Namalw ,

 

Yes, observing memory utilization between 500 MB and 1.2 GB on Windows servers running Cortex XDR in "Report Only" mode is generally considered normal, especially during the initial deployment phase.

 

According to Palo Alto Networks, Cortex XDR's memory usage can range from 300 MB to 2 GB, depending on the system's workload. For most systems, a "normal" range is usually between 300 and 500 MB. However, for larger systems with high workloads, it's normal to exceed this range.

 

When deploying Cortex XDR on critical infrastructure, it's advisable to:

  • Avoid Whitelisting Specific Processes or Paths: Unlike traditional antivirus solutions, Cortex XDR doesn't typically require the exclusion of specific processes or file paths. The agent is designed to operate efficiently without manual exclusions.

  • Monitor Resource Usage: Keep an eye on memory and CPU utilization, especially during the initial deployment. If resource usage remains consistently high, consider adjusting the agent's configuration or consulting with Palo Alto Networks support.

 

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.

 

Ashutosh Patil