
L5 Sessionator

Hi @Balaraju, you'll need to take a look at the alert itself, and investigate through the Causality Chain to identify the DLL that a process is trying to load. You will see a process that is trying to load the DLL for each alert.

 

Next, look at your Exploit profile applied to the endpoint/set of endpoints. You probably have a list of DLLs blocked in the Profile configuration.



The configuration of that setting determines if the attack is disabled, reported or prevented.

Ref: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpo...
