Add a Malware Security Profile (Administrator Task) - Administrator Guide - 8.1 - Cortex XDR Agent - Cortex XDR - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR Agent iOS App

Product
Cortex XDR Agent
Cortex XDR
Version
8.1
Creation date
2023-05-28
Last date published
2023-12-12
Category
Administrator Guide

Malware security profiles allow you to configure the actions Cortex XDR agents take when they detect known malicious URLs or spam numbers.

By default, the Cortex XDR agent will receive the default profile that contains a predefined configuration for each malware protection capability supported by the platform.

  1. Add a new profile.

    1. From the Cortex XDR tenant, select Endpoints Policy ManagementPreventionProfiles+ Add Profile and select whether to Create New or Import from File a new profile.

      Note

      New imported profiles are added, not replaced.

    2. Select iOS, and then the Malware profile type.

    3. Click Next.

  2. Configure the Malware profile.

    1. Enter a meaningful Profile Name and a description.

    2. Configure SMS, MMS and Safari Malicious URL Filtering by adding allowed URLs to the Allow List, and by adding known malicious URLs to the Block List.

    3. Configure reporting of spam calls and messages to XDR analysts by selecting a Spam Report option.

    4. Configure Call and Messages Blocking by adding allowed numbers to the Allow List, and known spam numbers to the Add Known Spam Numbers list.

      Note

      Ensure that the same numbers are not added multiple times with different leading zeros.

  3. Create the profile.

  4. Assign the profile to a Prevention Policy Rule. Select Endpoints Policy ManagementPreventionPolicy Rules.

    1. Do one of the following:

      • To create a new policy or import a policy, click +Add Policy and select whether to Create New or Import from File. Enter a meaningful Policy Name and Description.

      • Edit an existing policy rule.

      Note

      New imported policies are added, not replaced.

    2. For Platform, select iOS, and then for Malware, select the profile that you created.

    3. Click Next.

    4. Select the iOS devices to which you want to assign the policy.

    5. Click Done.