Cortex Cloud prevents malware attacks and provides protection on endpoints based on the different operating systems.
Malicious files, known as malware, are often disguised as or embedded in non-malicious files. These files can attempt to gain control, gather sensitive information, or disrupt the normal operations of the system. Cortex Cloud prevents malware by employing the Malware Prevention Engine. This approach combines several layers of protection to prevent both known and unknown malware from causing harm to your endpoints. The mitigation techniques that the Malware Prevention Engine employs vary by endpoint type.
The following tables list the mitigation methods that the Malware Prevention Engine uses to implement malware protection on endpoints, grouped by operating system.
| Malware protection type | Description |
|---|---|
| Anti tampering protection | Enables Cortex Cloud to protect against tampering attempts. |
| Anti webshell protection | Enables Cortex Cloud to protect endpoint processes from dropping malicious web shells. |
| ASP and ASPX file protection | Enables Cortex Cloud to protect endpoints from malicious ASP and ASPX files being written to the file system. |
| Credential gathering protection | Enables Cortex Cloud to protect endpoints from processes trying to access or steal passwords and other credentials. |
| Cryptominers protection | Enables Cortex Cloud to protect against attempts to locate or steal cryptocurrencies. |
| Dynamic kernel protection | Enables Cortex Cloud to protect endpoints from kernel-level threats such as bootkits, rootkits, and susceptible drivers. |
| Endpoint scanning | Enables Cortex Cloud to scan endpoints and attached removable drives for dormant, inactive malware. |
| Financial malware threat protection | Enables Cortex Cloud to protect against techniques specific to financial and banking malware. |
| Global behavioral threat protection rules | Enables Cortex Cloud to use rules to protect endpoints from malicious causality chains. |
| IIS protection | Enables Cortex Cloud to protect against Internet Information Server (IIS) attacks. |
| In-process shellcode protection | Enables Cortex Cloud to protect against in-process shellcode attack threats. |
| JScript file examination | Enables Cortex Cloud to detect and prevent malicious JScript files from being executed or written to disk on Windows-based endpoints. |
| LDAP query protection | Enables Cortex Cloud to analyze and act upon suspicious LDAP queries sent by the agent to a Domain Controller, to detect and block Active Directory reconnaissance attacks. |
| Malicious causality chain response | Enables Cortex Cloud to respond automatically when malicious causality chains are identified. |
| Malicious child process protection | Enables Cortex Cloud to prevent script-based attacks that can be used to deliver malware, by blocking targeted processes that are commonly used to bypass traditional security methods. |
| Malicious device protection | Enables Cortex Cloud to protect against the connection of potentially malicious devices to endpoints. |
| Network packet inspection | Enables Cortex Cloud to analyze network packet data for malicious behavior. |
| Office files with macros examination | Enables Cortex Cloud to analyze and prevent malicious macros embedded in Microsoft Office files (Word, Excel) from running on Windows endpoints. |
| On-demand file examination | Enables Cortex Cloud to scan endpoints and attached removable drives for dormant, inactive malware. |
| On-write file examination | Enables Cortex Cloud to monitor and take action on malicious files during the on-write process. |
| Password theft protection | Enables Cortex Cloud to prevent attacks that extract passwords from memory using the Mimikatz tool. |
| Portable executable and DLL | Enables Cortex Cloud to analyze and prevent malicious executable files and DLL files from running on Windows endpoints. |
| PowerShell script file examination | Enables Cortex Cloud to analyze and prevent malicious PowerShell script files from running on Windows endpoints. |
| Ransomware protection | Enables Cortex Cloud to protect against encryption-based activity associated with ransomware attacks. |
| Security measure bypass protection | Enables Cortex Cloud to protect endpoints from malicious actors attempting to bypass Windows built-in security controls. |
| UAC bypass prevention | Enables Cortex Cloud to protect against the User Access Control (UAC) bypass mechanism that is associated with privilege elevation attempts. |
| UEFI protection | Enables Cortex Cloud to protect endpoints from Unified Extensible Firmware Interface (UEFI) manipulation attempts. |
| VB script file protection | Enables Cortex Cloud to protect endpoints from malicious VB script files. |
| Malware protection type | Description |
|---|---|
| Anti tampering protection | Enables Cortex Cloud to protect against tampering attempts. |
| Anti webshell protection | Enables Cortex Cloud to protect endpoint processes from dropping malicious web shells. |
| Credential gathering protection | Enables Cortex Cloud to protect endpoints from processes trying to access or steal passwords and other credentials. |
| Cryptominers protection | Enables Cortex Cloud to protect against attempts to locate or steal cryptocurrencies. |
| DMG file examination | Enables Cortex Cloud to check DMG files for malware. |
| Endpoint scanning | Enables Cortex Cloud to scan endpoints and attached removable drives for dormant, inactive malware. |
| Financial malware threat protection | Enables Cortex Cloud to protect against techniques specific to financial and banking malware. |
| Global behavioral threat protection rules | Enables Cortex Cloud to use rules to protect endpoints from malicious causality chains. |
| Local file threat examination | Enables Cortex Cloud to detect malicious files on the endpoint. |
| Mach-O file examination | Enables Cortex Cloud to check Mach-O files for malware upon loading and upon execution. |
| Malicious child process protection | Enables Cortex Cloud to prevent script-based attacks that can be used to deliver malware, by blocking targeted processes that are commonly used to bypass traditional security methods. |
| Malicious device protection | Enables Cortex Cloud to identify and block potentially malicious Human Interface Devices (HIDs), to prevent attacks that exploit device trust. |
| Network Packet Inspection Engine | Enables Cortex Cloud to detect abnormal network traffic patterns and prevent malicious activity. |
| Ransomware protection | Enables Cortex Cloud to protect against encryption-based activity associated with ransomware attacks. |
| Malware protection type | Description |
|---|---|
| Anti webshell protection | Enables Cortex Cloud to protect endpoint processes from dropping malicious web shells. |
| Container escaping protection | Enables Cortex Cloud to protect against container-escaping attempts. |
| Credential gathering protection | Enables Cortex Cloud to protect endpoints from processes trying to access or steal passwords and other credentials. |
| Cryptominers protection | Enables Cortex Cloud to protect against attempts to locate or steal cryptocurrencies. |
| ELF file examination | |
| Endpoint scanning | Enables Cortex Cloud to scan endpoints and attached removable drives for dormant, inactive malware. |
| Financial malware threat protection | Enables Cortex Cloud to protect against techniques specific to financial and banking malware. |
| Global behavioral threat protection rules | Enables Cortex Cloud to use rules to protect endpoints from malicious causality chains. |
| Local file threat examination | Enables Cortex Cloud to detect malicious files on the endpoint. |
| Malicious child process protection | Enables Cortex Cloud to prevent process creation based on examination of suspicious relations between parent and child processes. |
| Reverse shell protection | Enables Cortex Cloud to prevent attempts to redirect standard input and output streams to network sockets. |
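The "Reverse shell protection" row describes a concrete, observable condition on Linux: a process whose standard streams point at a network socket rather than a terminal, pipe or file. The following is an added illustration of that condition from the defender's side; it is not Cortex Cloud code and does not reflect how the agent implements the protection. It assumes a Linux host where `/proc/<pid>/fd/{0,1,2}` are readable symlinks, and the classification functions take the symlink targets as plain strings so they can also be exercised on the constructed sample layouts embedded below.

```python
"""Added example, not Cortex Cloud code: flag processes whose standard
streams (fd 0, 1, 2) are redirected to network sockets, the layout that
"Reverse shell protection" describes.

Assumptions (labelled): Linux with a readable /proc; fd symlink targets have
the kernel's usual forms ("socket:[N]", "pipe:[N]", "/dev/pts/0", a path).
"""
import os
import re
from typing import Dict, List, Optional

# /proc/<pid>/fd/N symlink targets: "socket:[12345]", "pipe:[678]",
# "/dev/pts/0", "/dev/null", or a regular file path.
_SOCKET_RE = re.compile(r"^socket:\[\d+\]$")

STD_STREAMS = {0: "stdin", 1: "stdout", 2: "stderr"}


def classify_std_streams(fd_targets: Dict[int, str]) -> List[str]:
    """Return the names of standard streams whose target is a socket, in fd order."""
    return [STD_STREAMS[fd] for fd in sorted(STD_STREAMS)
            if _SOCKET_RE.match(fd_targets.get(fd, ""))]


def is_reverse_shell_candidate(fd_targets: Dict[int, str]) -> bool:
    """stdin AND stdout both on a socket is the classic reverse-shell layout.
    stderr is usually redirected too, but not always, so it is not required."""
    redirected = set(classify_std_streams(fd_targets))
    return {"stdin", "stdout"} <= redirected


def read_fd_targets(pid: int) -> Optional[Dict[int, str]]:
    """Read /proc/<pid>/fd/{0,1,2}. Returns None when the process cannot be
    inspected (gone, or owned by another user without sufficient privilege)."""
    targets: Dict[int, str] = {}
    for fd in STD_STREAMS:
        try:
            targets[fd] = os.readlink(f"/proc/{pid}/fd/{fd}")
        except FileNotFoundError:
            targets[fd] = ""  # fd closed or process vanished mid-scan
        except OSError:
            return None
    return targets


def scan_live_processes() -> List[Dict]:
    """Walk /proc and report processes with socket-backed stdin and stdout.
    Each finding is {"pid": int, "comm": str, "streams": [names]}."""
    findings: List[Dict] = []
    if not os.path.isdir("/proc"):
        return findings  # not a Linux procfs host
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        targets = read_fd_targets(pid)
        if targets is None or not is_reverse_shell_candidate(targets):
            continue
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            comm = "?"
        findings.append({"pid": pid, "comm": comm,
                         "streams": classify_std_streams(targets)})
    return findings


# Constructed sample fd layouts (not captured from a real host).
SAMPLE_INTERACTIVE_SHELL = {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}
SAMPLE_REVERSE_SHELL = {0: "socket:[41235]", 1: "socket:[41235]", 2: "socket:[41235]"}
SAMPLE_DAEMON = {0: "/dev/null", 1: "pipe:[9001]", 2: "pipe:[9001]"}
SAMPLE_STDIN_ONLY = {0: "socket:[7]", 1: "/dev/pts/1", 2: "/dev/pts/1"}

if __name__ == "__main__":
    for name, layout in [("interactive", SAMPLE_INTERACTIVE_SHELL),
                         ("reverse", SAMPLE_REVERSE_SHELL),
                         ("daemon", SAMPLE_DAEMON),
                         ("stdin-only", SAMPLE_STDIN_ONLY)]:
        print(f"{name:11s} sockets={classify_std_streams(layout)} "
              f"candidate={is_reverse_shell_candidate(layout)}")
    for hit in scan_live_processes():
        print("live finding:", hit)
```

The layout is a candidate signal, not proof: services spawned by a socket-activated supervisor (inetd-style) legitimately inherit a socket on stdin and stdout, so triage should weigh the process name (`comm`) and its parent chain before treating a finding as a reverse shell. The function is deliberately restricted to the three standard descriptors, since an ordinary network client holding a socket on a higher fd is normal.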