Hello, Is there a way to allow a legitimate parent process to create a legitimate child process on Cortex XDR that is being blocked due to "Suspicious Process Creation"? In my case, I whitelisted the child process but the block continues. I do not want to whitelist the parent process as this may allow malware into our environment someday. I remember version 4.1 of Traps allowing this under Child Process Protection (I think was the name). For example "ParentProcess.exe ->spawns-> ChildProcess.exe : Allow". I looked into the exception profile, but it only allows me to create an exception for just one specific process. If anyone has an idea of if/how to accomplish this with Cortex XDR, please let me know! Thank you, stay safe.
... View more