This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Exception to prevent the blocking of the Powershell/CMD command

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exception to prevent the blocking of the Powershell/CMD command

Go to solution
Aristooo
L1 Bithead

‎01-05-2025 10:39 PM

Hi. How can I create an exception to prevent specific PowerShell and CMD commands from being blocked by XDR?
Cortex XDR 

Cortex XDR
Thumbnail of Cortex XDR
Palo Alto Networks
Cortex XDR
Security Operations
View on Product Page
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
jmazzeo
L5 Sessionator

‎01-13-2025 10:37 AM

Hi @Aristooo, thanks for reaching us using the Live Community.

 

You can try by creating a Disable Prevention Rule under Configuration - Exceptions Configuration.

jmazzeo_0-1736793263095.png

 

You can there enter the command that you need to create the exception, in the "Command line" field. Select the right module by choosing the one that is blocking the process in your case, I have selected BTP for the example which is the common one.

 

If this post answers your question, please mark it as the solution.

 

JM

View solution in original post

4 REPLIES 4

Go to solution
jmazzeo
L5 Sessionator

‎01-13-2025 10:37 AM

Hi @Aristooo, thanks for reaching us using the Live Community.

 

You can try by creating a Disable Prevention Rule under Configuration - Exceptions Configuration.

jmazzeo_0-1736793263095.png

 

You can there enter the command that you need to create the exception, in the "Command line" field. Select the right module by choosing the one that is blocking the process in your case, I have selected BTP for the example which is the common one.

 

If this post answers your question, please mark it as the solution.

 

JM

Go to solution
Aristooo
L1 Bithead
In response to jmazzeo

‎01-14-2025 05:45 AM

Hi @jmazzeo ,  thanks for your response!

In the CMD Line under Target Properties, can I replace some arguments with *? For example, to capture all arguments in that part of the command. Like replacing "curl https://paloaltonetworks.com --show-error" with "curl https://* --show-error".

0 Likes Likes

Go to solution
jmazzeo
L5 Sessionator
In response to Aristooo

‎01-14-2025 05:49 AM

Yes, you can use the asterisk as a wildcard.

JM

Go to solution
Aristooo
L1 Bithead
In response to jmazzeo

‎01-14-2025 05:58 AM

@jmazzeo thank you very much!

0 Likes Likes
  • 1 accepted solution
  • 471 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks