XDR allowing blocked files to run


L2 Linker

Hello,

Even though we have added the file hash to the BLOCK LIST, XDR still allows the process to run. Does someone know the reason why this is occurring?

3 REPLIES

L2 Linker

Hello Aiman_Fathima, 

 

Blocking files on endpoints is also enforced by the endpoint malware profile. Please ensure that your Malware Security Profile is set to block mode.

 

In Action Center, on the Block list page, you may select Override Report mode to allow the agent to block hashes even if the Malware Profile is set to Report.

 

  • Please check Action Center to confirm the file hash is in the Block List: Incident Response > Response > Action Center > Block List
  • Select Override Report mode to allow the agent to block hashes even if the Malware Profile is set to Report.


If all is configured, please open a support case for troubleshooting. 

Reference

Endpoint Security Profiles (paloaltonetworks.com)

Add a New Malware Security Profile (paloaltonetworks.com)

 

Thanks

Thank you

Was this your solution? From our experience you should watch out if this hash/file is not in the quarantine. In some of our cases the computer needs a restart to work.

It would be nice to know how we can check if this blocked hash is updated to the client.

 

BR 

 

Rob
