Exploit protection - Administrator Guide - Cortex XDR - Cortex - Security Operations


Cortex XDR prevents exploit attempts on endpoints, with the protection provided depending on the endpoint's operating system.

An exploit is a sequence of commands that takes advantage of a bug or vulnerability in software or hardware to gain unauthorized access or control.

To combat an attack in which an attacker takes advantage of a software exploit or vulnerability, Cortex XDR employs Endpoint Protection Modules (EPM). Each EPM targets a specific exploit type in the attack chain. Some capabilities that Cortex XDR EPMs provide are reconnaissance prevention, memory corruption prevention, code execution prevention, and kernel protection.

The following table lists the types of exploits for which Cortex XDR provides protection.

| Exploit protection type | Description |
|---|---|
| Reconnaissance prevention | Prevents attackers from probing the network for vulnerabilities while preserving the option to perform internal reconnaissance testing. |
| Memory corruption prevention | Prevents adversaries from exploiting memory corruption vulnerabilities. |
| Code execution prevention | Prevents the execution of malicious code that could allow attackers to deploy additional malware to steal sensitive data. |
| Kernel protection | Protects the kernel against kernel threats and exploits. |