1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex® XDR Pro Administrator’s Guide
    5. Endpoint Security
    6. Endpoint Security Profiles
    7. Add a New Exploit Security Profile
    8. Processes Protected by Exploit Security Policy

    Processes Protected by Exploit Security Policy

    Application processes that run on your endpoint are protected by the exploit security policy.
    By default, your exploit security profile protects endpoints from attack techniques that target specific processes. Each exploit protection capability protects a different set of processes that Palo Alto Networks researchers determine are susceptible to attack. The following tables display the processes that are protected by each exploit protection capability for each operating system.
    Windows Processes Protected by Exploit Security Policy
    Browser Exploits Protection
    • [updated version of Adobe Flash Player for Firefox installed on endpoint]
    • browser_broker.exe
    • chrome.exe
    • firefox.exe
    • flashutil_activex.exe
    • iexplore.exe
    • microsoftedge.exe
    • microsoftedgecp.exe
    • opera_plugin_wrapper.exe
    • opera.exe
    • plugin-container.exe
    • safari.exe
    • webkit2webprocess.exe
    Logical Exploits Protection
    • cliconfg.exe
    • dism.exe
    • dllhost.exe
    • excel.exe
    • migwiz.exe
    • mmc.exe
    • powerpnt.exe
    • sysprep.exe
    • winword.exe
    Known Vulnerable Processes Protection
    • 7z.exe
    • 7zfm.exe
    • 7zg.exe
    • acrobat.exe
    • acrord32.exe
    • acrord32info.exe
    • allplayer.exe
    • applemobiledeviceservice.exe
    • apwebgrb.exe
    • armsvc.exe
    • blazehdtv.exe
    • bsplayer.exe
    • cmd.exe
    • eqnedt32.exe
    • excel.exe
    • flashfxp.exe
    • fltldr.exe
    • fontdrvhost.exe
    • foxit reader.exe
    • foxitreader.exe
    • groovemonitor.exe
    • hxmail.exe
    • i_view32.exe
    • infopath.exe
    • ipodservice.exe
    • itunes.exe
    • ituneshelper.exe
    • journal.exe
    • jqs.exe
    • microsoft.photos.exe
    • msaccess.exe
    • mspub.exe
    • mstsc.exe
    • nginx.exe
    • notepad++.exe
    • nslookup.exe
    • outlook.exe
    • powerpnt.exe
    • pptview.exe
    • qttask.exe
    • quicktimeplayer.exe
    • rar.exe
    • reader_sl.exe
    • realconverter.exe
    • realplay.exe
    • realsched.exe
    • skype.exe
    • skypeapp.exe
    • skypehost.exe
    • SLMail.exe
    • soffice.exe
    • telnet.exe
    • unrar.exe
    • vboxservice.exe
    • vboxsvc.exe
    • vboxtray.exe
    • video.ui.exe
    • visio.exe
    • vlc.exe
    • vmware-authd.exe
    • vmware-hostd.exe
    • vmware-vmx.exe
    • vpreview.exe
    • vprintproxy.exe
    • wab.exe
    • w3wp.exe
    • winrar.exe
    • winword.exe
    • wireshark.exe
    • wmplayer.exe
    • wmpnetwk.exe
    • xpsrchvw.exe
    Operating System Exploit Protection
    • ctfmon.exe
    • dllhost.exe
    • dns.exe
    • lsass.exe
    • msmpeng.exe
    • runtimebroker.exe
    • spoolsv.exe
    • svchost.exe
    • taskeng.exe
    • taskhost.exe
    • wmiprvse.exe
    • wmiprvse.exe
    • wwahost.exe
    Mac Processes Protected by Exploit Security Policy
    Browser Exploits Protection
    • com.apple.safariservices
    • com.apple.webkit.plugin
    • com.apple.webkit.plugin.64
    • com.apple.webkit.webcontent
    • firefox
    • firefox-bin
    • google chrome helper
    • google chrome
    • plugin-container
    • safari
    • seamonkey
    Logical Exploits Protection
    • adobereader
    • app drive for google drive
    • app drop for dropbox
    • app for dropbox
    • app for facebook
    • app for google drive
    • app for googledocs
    • app for instagram
    • app for linkedin
    • app for youtube
    • com.apple.safariservices
    • com.apple.webkit.plugin
    • com.apple.webkit.plugin.64
    • com.apple.webkit.webcontent
    • document writer
    • firefox
    • firefox-bin
    • google chrome helper
    • google chrome
    • itunes helper
    • itunes
    • mail+ for yahoo
    • microsoft excel
    • microsoft outlook
    • microsoft powerpoint
    • microsoft remote desktop
    • microsoft word
    • miniwriterfree
    • parallels client
    • pdf reader pro free
    • pdf reader x
    • plugin-container
    • quicktime player
    • safari
    • seamonkey
    • slack
    • sonicwall mobile connect
    • textwrangler
    • vlc
    • vmware fusion services
    • vmware fusion
    • vpn shield
    • winmail.dat file viewer
    Known Vulnerable Processes Protection
    • adobereader
    • airmail
    • app drive for google drive
    • app drop for dropbox
    • app for dropbox
    • app for facebook
    • app for google drive
    • app for googledocs
    • app for instagram
    • app for linkedin
    • app for youtube
    • bbedit
    • c-lion
    • cisco anyconnect secure mobility client
    • com.apple.cloudphotosconfiguration
    • document writer
    • itunes helper
    • itunes
    • jump desktop
    • mail
    • mail+ for yahoo
    • messages
    • microsoft excel
    • microsoft outlook
    • microsoft powerpoint
    • microsoft remote desktop
    • microsoft word
    • miniwriterfree
    • parallels client
    • pdf reader pro free
    • pdf reader x
    • photos
    • photoshop
    • quickbooks
    • quicktime player
    • signal
    • slack
    • sonicwall mobile connect
    • telegram
    • textmate
    • textwrangler
    • thunderbird
    • vlc
    • vmware fusion services
    • vmware fusion
    • vpn shield
    • winmail.dat file viewer
    Linux Processes Protected by Exploit Security Policy
    Known Vulnerable Processes Protection
    • anacron
    • apache2
    • authproxy
    • bluetoothd
    • charon
    • chronyd
    • couriertcpd
    • cron
    • crond
    • cupsd
    • cyrus_pop3d
    • danted
    • dhcpd
    • dovecot
    • exim
    • ftpd
    • httpd
    • ibserver
    • identd
    • lighttpd
    • java
    • kamailio
    • mailman
    • master
    • mongod
    • mysqld
    • mysqld_safe
    • named
    • ndsd
    • nginx
    • nmbd
    • node
    • nscd
    • php
    • php5-fpm
    • pmmasterd
    • pop2d
    • pop3d
    • postgres
    • proftpd
    • qmgr
    • rpcbind
    • rsync
    • rsyslogd
    • samba
    • saned
    • sendmail
    • sendmail.sendmail
    • smartd
    • smbd
    • snmpd
    • squid
    • squid3
    • starter
    • syslog-ng
    • tinyproxy
    • vsftpd
    • wickedd-dhcp4
    • wickedd-dhcp6
    • winbindd
    • xinetd

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo