10-10-2022 05:20 AM
I am looking for definitive answers on whether or not exe files should be whitelisted and where they should be whitelisted within Cortex?
10-10-2022 10:52 AM
Maybe Palo Alto could bring out a short video for white- and blacklisting paths/files?
BR
Rob
10-10-2022 10:55 AM
I would also be interested if this feature from Cortex XDR Pro is comparable to AppLocker.
BR
Rob
10-10-2022 06:30 PM - edited 10-10-2022 06:32 PM
It likely depends on the use cases what should be whitelisted. Definitely the easiest, quickest and best whitelist is always the SHA256 allow list, which is granular in itself. However, as iterated, when it comes to whitelisting executables, it would depend upon the business use case and the alerts around it.
Windows executables are Microsoft-signed application executables, and because Microsoft is a highly trusted signer, Cortex XDR does not detect and examine them in the pre-execution stages (like WildFire malware, Local Analysis).
In the post execution stages, everything is examined as it leverages behavioral execution monitoring for script based, fileless attacks and exploitation events as well.
We also have a process exception, which has the capability to disable select protection modules for Cortex XDR depending upon the choices and use cases.
Please be apprised that all of the above will be specific to targets and profiles and should be implemented very carefully.
10-12-2022 08:52 AM