Rather than defining a new security profile for each
of your endpoints, you can apply the pre-configured Cortex® XDR™
security profiles.

Cortex XDR provides default security profiles that you can use
out of the box to immediately begin protecting your endpoints from
threats. While security rules enable you to block or allow files
to run on your endpoints, security profiles help you customize and
reuse settings across different groups of endpoints. When the Cortex
XDR agent detects behavior that matches a rule defined in your security
policy, the Cortex XDR agent applies the security profile that is
attached to the rule for further inspection.

Exploit profiles block attempts to exploit system
flaws in browsers and in the operating system. For example, Exploit
profiles help protect against exploit kits, illegal code execution,
and other attempts to exploit process and system vulnerabilities.
Exploit profiles are supported for Windows, Mac, and Linux platforms.

Malware profiles protect against the execution
of malware including trojans, viruses, worms, and grayware. Malware
profiles serve two main purposes: to define how to treat behavior
common with malware, such as ransomware or script-based attacks,
and to define how to treat known malware and unknown files. Malware
profiles are supported for all platforms.

Restrictions profiles limit
where executables can run on an endpoint. For example, you can restrict
files from running from specific local folders or from removable media.
Restrictions profiles are supported only for Windows platforms.

Agent Settings profiles enable
you to customize settings that apply to the Cortex XDR agent (such
as the disk space quota for log retention). For Mac and Windows platforms,
you can also customize user interface options for the Cortex XDR
console, such as accessibility and notifications.

Exceptions profiles override
the security policy to allow a process or file to run on an endpoint,
to disable a specific BTP rule, to allow a known digital signer,
and to import exceptions from the Cortex XDR support team. Exceptions profiles
are supported for Windows, Mac, and Linux platforms.