ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Hello, Is there a way to allow a legitimate parent process to create a legitimate child process on Cortex XDR that is being blocked due to "Suspicious Process Creation"? In my case, I whitelisted the child process but the block continues. I do not want to whitelist the parent process as this may allow malware into our environment someday. I remember version 4.1 of Traps allowing this under Child Process Protection (I think was the name). For example "ParentProcess.exe ->spawns-> ChildProcess.exe : Allow". I looked into the exception profile, but it only allows me to create an exception for just one specific process. If anyone has an idea of if/how to accomplish this with Cortex XDR, please let me know! Thank you, stay safe.
... View more
Hello, hope you are all doing well and staying safe. Traps v6.1.0 was installed on a server and Windows Defender never auto disabled causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.1, but still Windows Defender will not disable. For the majority of our systems Windows Defender has disabled, but it has come to my attention that on some machines it is not. Does anyone know why this may be happening? We are about to upgrade ~1000 endpoints from v6.1 to v7.1 over the next couple weeks and I want to make sure Windows Defender is disabled to reduce resource consumption. Thanks in advance! -OB
... View more