03-17-2026 10:27 PM
In our Organization E-Token is widely used by different departments/branches for specified purpose .However our cortex XDR is blocking the same under CD ROM category . How to allow the same and where to allow.
03-19-2026 05:18 AM
Hello @MEERSHAH
To allow E-Tokens that are being blocked under the CD-ROM category in Cortex XDR, create a Device Control exception based on the device’s Vendor ID (VID) and Product ID (PID). Configure this in the Cortex XDR Management Console under Policy > Device Exceptions by adding a rule to exempt the specific token IDs.
1. Identify the Token
- Plug in the E-Token and find its VID/PID from the blocked alert logs in Cortex XDR or via Device Manager on the endpoint.
2. Navigate to Policies
- In the Cortex XDR Console, go to:- Extensions Policy → Profile -> Create Device Exceptions .
3. Create Exception
- Add a new rule to Allow the specific device using its Vendor/Product ID.
- Set the permission to Read/Write or Allow to ensure the token functions correctly.
4. Assign Policy
- Apply the updated policy to the relevant endpoint groups (e.g., specific departments or branches using the token).
Note:
If the token is being blocked by a Malware/BIOC profile rather than Device Control, you may also need to add the signer of the token software to the allow list within the malware profile.
Please help out other users and “Accept as Solution” if a post helps solve your problem !
03-19-2026 05:18 AM
Hello @MEERSHAH
To allow E-Tokens that are being blocked under the CD-ROM category in Cortex XDR, create a Device Control exception based on the device’s Vendor ID (VID) and Product ID (PID). Configure this in the Cortex XDR Management Console under Policy > Device Exceptions by adding a rule to exempt the specific token IDs.
1. Identify the Token
- Plug in the E-Token and find its VID/PID from the blocked alert logs in Cortex XDR or via Device Manager on the endpoint.
2. Navigate to Policies
- In the Cortex XDR Console, go to:- Extensions Policy → Profile -> Create Device Exceptions .
3. Create Exception
- Add a new rule to Allow the specific device using its Vendor/Product ID.
- Set the permission to Read/Write or Allow to ensure the token functions correctly.
4. Assign Policy
- Apply the updated policy to the relevant endpoint groups (e.g., specific departments or branches using the token).
Note:
If the token is being blocked by a Malware/BIOC profile rather than Device Control, you may also need to add the signer of the token software to the allow list within the malware profile.
Please help out other users and “Accept as Solution” if a post helps solve your problem !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
