Processes Protected by Exploit Security Policy - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2023-10-31
Last date published
2024-03-18
Category
Administrator Guide
Abstract

Application processes that run on your endpoint are protected by the exploit security policy.

By default, your exploit security profile protects endpoints from attack techniques that target specific processes. Each exploit protection capability protects a different set of processes that Palo Alto Networks researchers determine are susceptible to attack. The following tables display the processes that are protected by each exploit protection capability for each operating system.

Windows Processes Protected by Exploit Security Policy

Browser Exploits Protection

  • [updated version of Adobe Flash Player for Firefox installed on endpoint]

  • browser_broker.exe

  • chrome.exe

  • firefox.exe

  • flashutil_activex.exe

  • iexplore.exe

  • microsoftedge.exe

  • microsoftedgecp.exe

  • opera_plugin_wrapper.exe

  • opera.exe

  • plugin-container.exe

  • safari.exe

  • webkit2webprocess.exe

Logical Exploits Protection

  • cliconfg.exe

  • dism.exe

  • dllhost.exe

  • excel.exe

  • migwiz.exe

  • mmc.exe

  • powerpnt.exe

  • sysprep.exe

  • winword.exe

Known Vulnerable Processes Protection

  • 7z.exe

  • 7zfm.exe

  • 7zg.exe

  • acrobat.exe

  • acrord32.exe

  • acrord32info.exe

  • allplayer.exe

  • applemobiledeviceservice.exe

  • apwebgrb.exe

  • armsvc.exe

  • blazehdtv.exe

  • bsplayer.exe

  • cmd.exe

  • eqnedt32.exe

  • excel.exe

  • flashfxp.exe

  • fltldr.exe

  • fontdrvhost.exe

  • foxit reader.exe

  • foxitreader.exe

  • groovemonitor.exe

  • hxmail.exe

  • i_view32.exe

  • infopath.exe

  • ipodservice.exe

  • itunes.exe

  • ituneshelper.exe

  • journal.exe

  • jqs.exe

  • microsoft.photos.exe

  • msaccess.exe

  • mspub.exe

  • mstsc.exe

  • nginx.exe

  • notepad++.exe

  • nslookup.exe

  • outlook.exe

  • powerpnt.exe

  • pptview.exe

  • qttask.exe

  • quicktimeplayer.exe

  • rar.exe

  • reader_sl.exe

  • realconverter.exe

  • realplay.exe

  • realsched.exe

  • skype.exe

  • skypeapp.exe

  • skypehost.exe

  • SLMail.exe

  • soffice.exe

  • telnet.exe

  • unrar.exe

  • vboxservice.exe

  • vboxsvc.exe

  • vboxtray.exe

  • video.ui.exe

  • visio.exe

  • vlc.exe

  • vmware-authd.exe

  • vmware-hostd.exe

  • vmware-vmx.exe

  • vpreview.exe

  • vprintproxy.exe

  • wab.exe

  • w3wp.exe

  • winrar.exe

  • winword.exe

  • wireshark.exe

  • wmplayer.exe

  • wmpnetwk.exe

  • xpsrchvw.exe

Operating System Exploit Protection

  • ctfmon.exe

  • dllhost.exe

  • dns.exe

  • lsass.exe

  • msmpeng.exe

  • runtimebroker.exe

  • spoolsv.exe

  • svchost.exe

  • taskeng.exe

  • taskhost.exe

  • wmiprvse.exe

  • wmiprvse.exe

  • wwahost.exe

Mac Processes Protected by Exploit Security Policy

Browser Exploits Protection

  • com.apple.safariservices

  • com.apple.webkit.plugin

  • com.apple.webkit.plugin.64

  • com.apple.webkit.webcontent

  • firefox

  • firefox-bin

  • google chrome helper

  • google chrome

  • plugin-container

  • safari

  • seamonkey

Logical Exploits Protection

  • adobereader

  • app drive for google drive

  • app drop for dropbox

  • app for dropbox

  • app for facebook

  • app for google drive

  • app for googledocs

  • app for instagram

  • app for linkedin

  • app for youtube

  • com.apple.safariservices

  • com.apple.webkit.plugin

  • com.apple.webkit.plugin.64

  • com.apple.webkit.webcontent

  • document writer

  • firefox

  • firefox-bin

  • google chrome helper

  • google chrome

  • itunes helper

  • itunes

  • mail+ for yahoo

  • microsoft excel

  • microsoft outlook

  • microsoft powerpoint

  • microsoft remote desktop

  • microsoft word

  • miniwriterfree

  • parallels client

  • pdf reader pro free

  • pdf reader x

  • plugin-container

  • quicktime player

  • safari

  • seamonkey

  • slack

  • sonicwall mobile connect

  • textwrangler

  • vlc

  • vmware fusion services

  • vmware fusion

  • vpn shield

  • winmail.dat file viewer

Known Vulnerable Processes Protection

  • adobereader

  • airmail

  • app drive for google drive

  • app drop for dropbox

  • app for dropbox

  • app for facebook

  • app for google drive

  • app for googledocs

  • app for instagram

  • app for linkedin

  • app for youtube

  • bbedit

  • c-lion

  • cisco anyconnect secure mobility client

  • com.apple.cloudphotosconfiguration

  • document writer

  • itunes helper

  • itunes

  • jump desktop

  • mail

  • mail+ for yahoo

  • messages

  • microsoft excel

  • microsoft outlook

  • microsoft powerpoint

  • microsoft remote desktop

  • microsoft word

  • miniwriterfree

  • parallels client

  • pdf reader pro free

  • pdf reader x

  • photos

  • photoshop

  • quickbooks

  • quicktime player

  • signal

  • slack

  • sonicwall mobile connect

  • telegram

  • textmate

  • textwrangler

  • thunderbird

  • vlc

  • vmware fusion services

  • vmware fusion

  • vpn shield

  • winmail.dat file viewer

Linux Processes Protected by Exploit Security Policy

Known Vulnerable Processes Protection

  • anacron

  • apache2

  • authproxy

  • bluetoothd

  • charon

  • chronyd

  • couriertcpd

  • cron

  • crond

  • cupsd

  • cyrus_pop3d

  • danted

  • dhcpd

  • dovecot

  • exim

  • ftpd

  • httpd

  • ibserver

  • identd

  • lighttpd

  • java

  • kamailio

  • mailman

  • master

  • mongod

  • mysqld

  • mysqld_safe

  • named

  • ndsd

  • nginx

  • nmbd

  • node

  • nscd

  • php

  • php5-fpm

  • pmmasterd

  • pop2d

  • pop3d

  • postgres

  • proftpd

  • qmgr

  • rpcbind

  • rsync

  • samba

  • saned

  • sendmail

  • sendmail.sendmail

  • smartd

  • smbd

  • snmpd

  • squid

  • squid3

  • starter

  • syslog-ng

  • tinyproxy

  • vsftpd

  • wickedd-dhcp4

  • wickedd-dhcp6

  • winbindd

  • xinetd