07-28-2023 06:38 AM
Dear All ,
Once XDR has taken action on a set of files which seem to be suspicious, apart from the WildFire verdict, it also shows an XDR action like Detected or Prevented (blocked).
How can I confirm whether the actual action by XDR is Quarantine / Cleaned / Deleted?
07-31-2023 03:39 AM
Dear @Venkatesh_Konar
Hope you are doing well. From your query I understand you would like to know what happens to a file once it is detected by Cortex XDR to be malicious. Please note that the action taken on the files depends on the Malware security profile configurations.
Please check the malware profile which is configured for the device in question and see if it is set to Block, Report or Disabled. If it is set to Block then please check what action is to be taken on the file such as Quarantine the file or delete it. Please find the Knowledge base articles provided below on Malware security profile:
Also please find the documentation on how to manage Quarantine files below, thank you:
Hope this answers your query, please reply back to this thread if there is anything else I can assist you with on this query. If you find this answer to be useful, please mark it as a solution, thank you.
07-31-2023 06:56 AM - edited 08-01-2023 06:55 AM
Hi Venkatesh_Konar,
Just to add on to what @abdrahman already said, if the file was also quarantined in addition to being blocked, the action will be reported as Prevented (quarantined), but whether this is done is based on your Malware Profile configuration. Note, XDR does not automatically delete files, only optionally quarantine them.
Correction, this is not shown as a part of the alert action information. You can confirm this by going to the Action Center and clicking on File Quarantine to see the list of currently quarantined files on all endpoints.