11-06-2023 10:11 AM
We have a mac that we suspect may be compromised. We would like to run a scan with the device offline and not connected to our network.
How would we go about doing this?
11-06-2023 10:43 PM
Hi @EricBjurstrom ,
Thank you for reaching out to Palo Alto Live Community.
In case your endpoint is compromised then you can first isolate the compromise endpoint. When you isolate an endpoint, you halt all network access on the endpoint except for traffic to Cortex XDR. This can prevent a compromised endpoint from communicating with other endpoints thereby reducing an attacker’s mobility on your network. please refer the document below for more information:
After isolating the endpoint you can run the malware scan on a compromised endpoint, please refer the document below for more information about malware scan:
Hope this helps!
Please mark the response as "Accept as Solution"
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
