Exceptions Security Profiles

To allow full granularity, Cortex XDR allows you to create exceptions from your baseline policy. These exceptions allow you to exclude specific folders or paths from examination or to disable specific security modules. In Cortex XDR, you can configure the following types of policy exceptions:
| Exception Type | Description |
| --- | --- |
| Process exceptions | Define an exception for a specific process for one or more security modules. |
| Support exceptions | Import an exception from the Cortex XDR Support team. |
| Behavioral Threat Protection Rule Exception | An exception disabling a specific BTP rule across all processes. |
| Digital Signer Exception | (Windows only) An exception adding a digital signer to the list of allowed signers. |
| Java Deserialization Exception | (Linux only) An exception allowing a specific Java executable (jar, class). |
| Local File Threat Examination Exception | (Linux only) An exception allowing specific PHP files. |
There are two types of exceptions you can create:
To help you manage and assess your BIOC/IOC rules, Cortex XDR automatically creates a System Generated rule exception if the same BIOC/IOC rule is detected by the same initiator hash within a 3 day timeframe on 100 different endpoints.
Each time a BIOC/IOC alert is detected, the 3 day timeframe begins counting down. If 3 days pass without an alert, the 3 day timeframe is reset. For example:
| Example | Day Number | BIOC/IOC Detections | Action |
| --- | --- | --- | --- |
| Example A | 1 | 98 Detections | No exception created |
| Example A | 2 | 1 Detection | No exception created |
| Example A | 4 | 1 Detection | System Generated exception created |
| Example B | 1 | 98 Detections | No exception created |
| Example B | 2 | 1 Detection | No exception created |
| Example B | 6 | 99 Detections | No exception created since detections were not within the 3 day timeframe |
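The following is an added illustration of the System Generated exception logic described above; it is not Cortex XDR code, and the rule ID, initiator hash and endpoint IDs are constructed placeholders. It assumes the timeframe expires once more than 3 days pass with no alert for a given rule/hash pair, and that only distinct endpoints count toward the threshold of 100, which reproduces Examples A and B.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional, Tuple

WINDOW_DAYS = 3            # 3 day timeframe stated on the page
ENDPOINT_THRESHOLD = 100   # 100 different endpoints stated on the page

Detection = Tuple[int, str, str, str]  # (day, rule_id, initiator_hash, endpoint_id)


@dataclass
class _Tracker:
    """Per (rule, initiator hash) state: distinct endpoints seen and last alert day."""
    endpoints: set = field(default_factory=set)
    last_day: Optional[int] = None


def exception_day(detections: Iterable[Detection],
                  window_days: int = WINDOW_DAYS,
                  threshold: int = ENDPOINT_THRESHOLD) -> Optional[int]:
    """Return the day on which a System Generated exception would be created, or None.

    Counting is keyed on (rule_id, initiator_hash). Repeated alerts from the same
    endpoint do not add to the count, because the threshold is distinct endpoints.
    """
    trackers = {}
    for day, rule_id, initiator_hash, endpoint_id in sorted(detections, key=lambda d: d[0]):
        t = trackers.setdefault((rule_id, initiator_hash), _Tracker())
        # Assumption: the timeframe is reset when more than window_days pass with no
        # alert for this key, so the distinct-endpoint count starts over.
        if t.last_day is not None and day - t.last_day > window_days:
            t.endpoints.clear()
        t.endpoints.add(endpoint_id)
        t.last_day = day              # every alert restarts the countdown
        if len(t.endpoints) >= threshold:
            return day
    return None


def _burst(day: int, count: int, start: int) -> list:
    """Constructed sample data: `count` alerts for one rule/hash on distinct endpoints."""
    return [(day, "BIOC-PLACEHOLDER", "hash-placeholder", f"ep-{start + i}") for i in range(count)]


# Constructed inputs mirroring the page's two examples.
EXAMPLE_A = _burst(1, 98, 0) + _burst(2, 1, 98) + _burst(4, 1, 99)   # -> exception on day 4
EXAMPLE_B = _burst(1, 98, 0) + _burst(2, 1, 98) + _burst(6, 99, 99)  # -> None (window expired)

if __name__ == "__main__":
    print("Example A ->", exception_day(EXAMPLE_A))
    print("Example B ->", exception_day(EXAMPLE_B))
```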