- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-19-2024 04:34 AM
I am facing a challenge in Cortex XDR regarding file restrictions. When we need to block a specific file on endpoints, we add its file path to the restriction profile. This effectively blocks users from accessing or opening the file in the specified location.
However, the issue arises when a user copies the restricted file and pastes it into a different location. In this new location, they can access and open the file without any restrictions.
Is there a way to ensure that such files are blocked universally, regardless of their location on the endpoint? Any insights or best practices to address this scenario would be greatly appreciated.
12-19-2024 06:20 AM
Hi,
Thanks for reaching Live Community.
If you want to block a specific file from all your endpoint, I believe the best option is to add the hash in the block list.
You can review this here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-File...
If this post answers your question, please mark it as solution.
12-23-2024 10:57 PM
Can you add it as a fileName as well as hash value in the IOC and then add that IOC to the Restriction Profile?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!