Cortex XDR enables you to define different types of exceptions to security profiles, as needed. To allow full granularity, Cortex XDR enables you to create exceptions from your baseline policy. With these exceptions you can remove specific folders or paths from exemption, or disable specific security modules.

You can configure the following types of policy exceptions:
| Exception Type | Description |
|---|---|
| Process exceptions | Define an exception for a specific process for one or more security modules. |
| Support exceptions | Import an exception from the Cortex XDR Support team. |
| Behavioral Threat Protection Rule Exception | An exception disabling a specific BTP rule across all processes. |
| Digital Signer Exception | (Windows only) An exception adding a digital signer to the list of allowed signers. |
| Java Deserialization Exception | (Linux only) An exception allowing a specific Java executable (jar, class). |
Depending on your defined user scope, creating exceptions may be disabled.

To help you manage and assess your BIOC/IOC rules, Cortex XDR automatically creates a System Generated rule exception if the same BIOC/IOC rule is detected by the same initiator hash within a 3 day timeframe on 100 different endpoints.

Each time a BIOC/IOC alert is detected, the 3 day timeframe begins counting down. If 3 days pass without an alert, the 3 day timeframe is reset. For example:
Example A

| Day Number | BIOC/IOC Detections | Action |
|---|---|---|
| 1 | 98 Detections | No exception created |
| 2 | 1 Detection | No exception created |
| 4 | 1 Detection | System Generated exception created |

Example B

| Day Number | BIOC/IOC Detections | Action |
|---|---|---|
| 1 | 98 Detections | No exception created |
| 2 | 1 Detection | No exception created |
| 6 | 99 Detections | No exception created since detections were not within the 3 day timeframe |
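The following is an added example that models the counting rule above so the two scenarios can be replayed; it is not Cortex XDR code. It assumes that the timeframe resets when more than 3 days pass between consecutive alerts for the same rule and initiator hash, that each detection in the scenarios lands on a different endpoint, and that the names `SystemGeneratedExceptionTracker` and `run_scenario` are illustrative.

```python
from collections import defaultdict

WINDOW_DAYS = 3           # from the page: 3 day timeframe
ENDPOINT_THRESHOLD = 100  # from the page: 100 different endpoints


class SystemGeneratedExceptionTracker:
    """Counts distinct endpoints per (rule, initiator hash) and reports when a
    System Generated exception would be created.

    Assumption: more than WINDOW_DAYS between consecutive alerts for the same
    key resets the count; repeated alerts from one endpoint count once.
    """

    def __init__(self):
        self._endpoints = defaultdict(set)  # key -> distinct endpoint ids
        self._last_day = {}                 # key -> day of the last alert
        self.exceptions = set()             # keys that already got an exception

    def alert(self, rule, initiator_hash, endpoint, day):
        key = (rule, initiator_hash)
        last = self._last_day.get(key)
        if last is not None and day - last > WINDOW_DAYS:
            # 3 days passed without an alert: the timeframe is reset.
            self._endpoints[key] = set()
        self._last_day[key] = day
        self._endpoints[key].add(endpoint)
        if len(self._endpoints[key]) >= ENDPOINT_THRESHOLD and key not in self.exceptions:
            self.exceptions.add(key)
            return True  # exception created on this alert
        return False


def run_scenario(detections_per_day):
    """detections_per_day: list of (day, count), constructed sample data where
    every detection is on a new endpoint. Returns the day on which the
    System Generated exception is created, or None if it never is."""
    tracker = SystemGeneratedExceptionTracker()
    next_endpoint = 0
    for day, count in detections_per_day:
        for _ in range(count):
            host = f"host-{next_endpoint}"  # constructed endpoint id
            next_endpoint += 1
            if tracker.alert("BIOC-rule-placeholder", "<initiator-hash-placeholder>", host, day):
                return day
    return None
```

Replaying Example A (`[(1, 98), (2, 1), (4, 1)]`) returns day 4, while Example B (`[(1, 98), (2, 1), (6, 99)]`) returns None because the day 6 alerts arrive more than 3 days after the previous one.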