This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to Effectively Restrict Specific Files Across All Locations in Cortex XDR?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to Effectively Restrict Specific Files Across All Locations in Cortex XDR?

J.X570892
L0 Member

‎12-19-2024 04:34 AM

I am facing a challenge in Cortex XDR regarding file restrictions. When we need to block a specific file on endpoints, we add its file path to the restriction profile. This effectively blocks users from accessing or opening the file in the specified location.

 

However, the issue arises when a user copies the restricted file and pastes it into a different location. In this new location, they can access and open the file without any restrictions.

 

Is there a way to ensure that such files are blocked universally, regardless of their location on the endpoint? Any insights or best practices to address this scenario would be greatly appreciated.

Johnboscoantony
0 Likes Likes
3 REPLIES 3

mavega
L2 Linker

‎12-19-2024 06:20 AM

Hi,

 

Thanks for reaching Live Community.

 

If you want to block a specific file from all your endpoint, I believe the best option is to add the hash in the block list.

 

You can review this here:  https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-File...

 

If this post answers your question, please mark it as solution.

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events: Cortex XDR Customer Corner
0 Likes Likes

RFeyertag
L4 Transporter

‎12-20-2024 10:45 AM

Is blocking the best way? What about alerting, if a user reads or moves it? And if, than...

 

BR

 

Rob

0 Likes Likes

maximk
L1 Bithead

‎12-20-2024 10:58 AM

If it's digitally signed, I would block by the signer via Restriction profile. Otherwise by sha256 via blocklist.    

0 Likes Likes
  • 140 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Related Content
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks