Learn how to configure exceptions from your baseline policy.
To allow full granularity, Cortex XDR enables you to create exceptions from your baseline policy. With these exceptions you can remove specific folders or paths from evaluation, or disable specific security modules. You can configure exception rules for Cortex XDR protection and prevention actions in a centralized location, and apply them across multiple profiles. The exceptions can be configured from → .
Alert Exclusion rules specify match criteria for alerts that you want to suppress.
IOC/BIOC Suppression Rules exclude one or more indicators from an IOC or BIOC rule which takes action on specific behaviors.
Disable Prevention Rules specify granular exceptions to prevention actions triggered for your endpoints.
Legacy Agent Exceptions define prevention profile exception rules for all endpoints.
Support Exception Rules generate exceptions based on files provided by the support team.
Prior to Cortex XDR version 3.5, Legacy Agent Exceptions and Support Exceptions were configured through their relevant profiles.
Starting with version 3.5, Cortex XDR enables you to manage the Legacy Agent Exceptions and Support Exception configurations from a central location and easily apply them across multiple profiles in the Agent Exceptions Management page.
To manage the Prevention profile exceptions from Exception Configuration, you must first migrate your existing exceptions configured via profiles. Your existing exception profiles are migrated per module.
Cortex XDR simulates the migration to enable you to review the results before activating the migration.
To run the simulation and migrate your exception configurations,
Select Start Simulation.→ → and click
Review the Legacy Agent Exceptions and the Support Exception Rules.
You can then Activate the new agent management page or Cancel to continue using the Prevention Profiles to configure individual exceptions.
If you don't migrate the legacy exceptions, you can continue to create exceptions through the profiles.