Exception to prevent the blocking of the Powershell/CMD command


L2 Linker

Hi. How can I create an exception to prevent specific PowerShell and CMD commands from being blocked by XDR?
Cortex XDR  

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @Aristooo, thanks for reaching us using the Live Community.

 

You can try by creating a Disable Prevention Rule under Configuration - Exceptions Configuration.

There you can enter the command for which you need to create the exception, in the "Command line" field. Select the right module by choosing the one that is blocking the process in your case; I have selected BTP for the example, which is the common one.

 

If this post answers your question, please mark it as the solution.

 

JM

5 REPLIES 5

Hi @jmazzeo ,  thanks for your response!

In the CMD Line under Target Properties, can I replace some arguments with *? For example, to capture all arguments in that part of the command. Like replacing "curl https://paloaltonetworks.com --show-error" with "curl https://* --show-error".

Yes, you can use the asterisk as a wildcard.

JM
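
An added example, not part of the original thread or of Cortex XDR: a Python sketch for checking which observed command lines a wildcard exception like the one discussed above would cover before it is deployed. It assumes `*` matches any run of characters (spaces included) across the whole command line, case-insensitively; the thread does not describe the product's exact matching rules, and the function names and sample command lines are constructed for illustration.

```python
import re

# Assumption: "*" matches any run of characters (spaces included) and the
# pattern must cover the whole command line, case-insensitively. The thread
# does not describe Cortex XDR's exact matching rules.
def wildcard_to_regex(pattern):
    """Translate a '*' wildcard pattern into a compiled regular expression."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)


def covered_by(pattern, command_lines):
    """Return the command lines the exception pattern would cover."""
    rx = wildcard_to_regex(pattern)
    return [c for c in command_lines if rx.fullmatch(c)]


def unintended(pattern, intended, observed):
    """Return covered command lines that nobody asked to exempt."""
    wanted = {c.lower() for c in intended}
    return [c for c in covered_by(pattern, observed) if c.lower() not in wanted]


# Constructed sample data, not taken from any real environment.
INTENDED = ["curl https://paloaltonetworks.com --show-error"]
OBSERVED = [
    "curl https://paloaltonetworks.com --show-error",
    "CURL https://PaloAltoNetworks.com --show-error",
    "curl https://example.org/status --retry 3 --show-error",
    "curl http://paloaltonetworks.com --show-error",
    "curl https://paloaltonetworks.com --show-error --insecure",
]

if __name__ == "__main__":
    for pat in ("curl https://* --show-error",
                "curl https://paloaltonetworks.com --show-error"):
        extra = unintended(pat, INTENDED, OBSERVED)
        print(f"{pat!r}: {len(covered_by(pat, OBSERVED))} covered, "
              f"{len(extra)} unintended")
        for c in extra:
            print("   ", c)
```

Under these assumptions the wildcard form also covers a different host with additional arguments, while the literal command line covers only the intended invocation.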

@jmazzeo thank you very much!

L0 Member

Hi Cortex XDR Community,

I want to set up an alert in Cortex XDR that triggers whenever any user runs a PowerShell script. The alert should activate for any script or command executed in PowerShell, regardless of the user or specific script.

Is there an existing rule or method to create such an alert for PowerShell usage? Any suggestions or examples would be appreciated.

Thanks in advance!
