Exception Configuration - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

Learn how to configure exceptions from your baseline policy.

To allow full granularity, Cortex XDR enables you to create exceptions from your baseline policy. With these exceptions you can remove specific folders or paths from evaluation, or disable specific security modules. You can configure exception rules for Cortex XDR protection and prevention actions in a centralized location, and apply them across multiple profiles. The exceptions can be configured from SettingsException Configuration.

Prior to Cortex XDR version 3.5, Legacy Agent Exceptions and Support Exceptions were configured through their relevant profiles.

Starting with version 3.5, Cortex XDR enables you to manage the Legacy Agent Exceptions and Support Exception configurations from a central location and easily apply them across multiple profiles in the Agent Exceptions Management page. 

To manage the Prevention profile exceptions from Exception Configuration, you must first migrate your existing exceptions configured via profiles. Your existing exception profiles are migrated per module.

Cortex XDR simulates the migration to enable you to review the results before activating the migration.

To run the simulation and migrate your exception configurations,

  1. Select SettingsException ConfigurationLegacy Exceptions and click Start Simulation.

  2. Review the Legacy Agent Exceptions and the Support Exception Rules.

  3. You can then Activate the new agent management page or Cancel to continue using the Prevention Profiles to configure individual exceptions.


If you don't migrate the legacy exceptions, you can continue to create exceptions through the profiles.

After the migration, you can Add a Support Exception Rule or Create a Legacy Exception Rule.