10-18-2021 04:09 AM
Hi,
I've been wondering - Is it possible to block the execution of a file by file name or ioc in the xdr?
It sounds like a rather basic feature yet i can't seem to find anything about it in the docs - only thing i found is block file execution based on hash
01-24-2022 01:11 AM
This question is for Cortex XDR/Traps categories not for here. From what I seen for example even in other endpoint systems like Microsoft defender extensions and hashes are used and not the file names. Maybe only URL filtering or file path can be used for something like that:
Add a New Restrictions Security Profile (paloaltonetworks.com)
Cortex XDR/Traps in itself does not support URL filtering like the Microsoft Defender custom indicators but the firewall can do this as it's job:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljWCAS
Maybe endpoint DLP can do what you want like Digital Guardian etc. as blocking a file name is more like DLP task than EDR/Endpoint protection systems.
08-24-2022 05:07 AM - edited 08-24-2022 05:09 AM
Maybe see this as I just found it and it is a new article for the XDR using the Restriction profile:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
