Endpoint Security Profiles - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2024-07-16
Last date published
2024-12-12
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Rather than defining a new security profile for each of your endpoints, you can apply the pre-configured Cortex XDR security profiles instead.

Cortex XDR provides default security profiles that you can use out of the box to immediately begin protecting your endpoints from threats.

While security rules enable you to block or allow files to run on your endpoints, security profiles help you customize and reuse settings across different groups of endpoints. When the Cortex XDR agent detects behavior that matches a rule defined in your security policy, the Cortex XDR agent applies the security profile that is attached to the rule for further inspection.

From Endpoints Policy ManagementPreventionProfiles, you can create the following profiles. The Prevention Profiles table lists all the profiles per operating system. Profiles associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.

Profile Name

Description

Exploit Profiles

Exploit profiles block attempts to exploit system flaws in browsers, and in the operating system. For example, Exploit profiles help protect against exploit kits, illegal code execution, and other attempts to exploit process and system vulnerabilities. Exploit profiles are supported for Windows, Mac, and Linux platforms.

Add a New Exploit Security Profile.

Malware Profiles

Malware profiles protect against the execution of malware including trojans, viruses, worms, and grayware. Malware profiles serve two main purposes: to define how to treat behavior common with malware, such as ransomware or script-based attacks, and to define how to treat known malware and unknown files. Malware profiles are supported for all platforms.

Add a New Malware Security Profile.

Restrictions Profiles

Restrictions profiles limit where executables can run on an endpoint. For example, you can restrict files from running from specific local folders or from removable media. Restrictions profiles are supported only for Windows platforms.

Add a New Restrictions Security Profile.

Agent Settings Profiles

Agent Settings profiles enable you to customize settings that apply to the Cortex XDR agent (such as the disk space quota for log retention). For Mac and Windows platforms, you can also customize user interface options for the Cortex XDR console, such as accessibility and notifications.

Add a New Agent Settings Profile.

Exceptions Profiles

Exceptions Security Profiles override the security policy to allow a process or file to run on an endpoint, to disable a specific BTP rule, to allow a known digital signer, and to import exceptions from the Cortex XDR support team. Exceptions profiles are supported for Windows, Mac, and Linux platforms.

Add a New Exceptions Security Profile.

After you add the new security profile, you can Manage Endpoint Security Profiles.