Cortex XSIAM prevents malware attacks and provides endpoint protection tailored to each supported operating system.
Malicious files, known as malware, are often disguised as or embedded in non-malicious files. They can attempt to gain control of the system, gather sensitive information, or disrupt its normal operation. Cortex XSIAM prevents malware with the Malware Prevention Engine, which combines several layers of protection to stop both known and unknown malware from harming your endpoints. The mitigation techniques the engine employs vary by endpoint operating system; the tables below list them for Windows, macOS, Linux, Android, and iOS endpoints.
The following table lists the malware protection types available for Windows endpoints.
Malware protection type | Description |
---|---|
Portable executable and DLL | Enables Cortex XSIAM to analyze and prevent malicious executable files and DLL files from running on Windows endpoints. |
Office files with macros examination | Enables Cortex XSIAM to analyze and prevent malicious macros embedded in Microsoft Office files (Word, Excel) from running on Windows endpoints. |
On-write file protection | Enables Cortex XSIAM to monitor and take action on malicious files during the on-write process. |
Endpoint scanning | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
Global behavioral threat protection rules | Enables Cortex XSIAM to use rules to protect endpoints from malicious causality chains. |
Credential gathering protection | Enables Cortex XSIAM to protect endpoints from processes trying to access or steal passwords and other credentials. |
Anti webshell protection | Enables Cortex XSIAM to protect endpoint processes from dropping malicious web shells. |
Financial malware threat protection | Enables Cortex XSIAM to protect against techniques specific to financial and banking malware. |
Cryptominers protection | Enables Cortex XSIAM to protect against attempts to locate or steal cryptocurrencies. |
In-process shellcode protection | Enables Cortex XSIAM to protect against in-process shellcode attack threats. |
Malicious device protection | Enables Cortex XSIAM to protect against the connection of potentially malicious devices to endpoints. |
UAC bypass prevention | Enables Cortex XSIAM to protect against User Account Control (UAC) bypass mechanisms associated with privilege elevation attempts. |
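The "Office files with macros examination" row above refers to inspecting the document's contents rather than trusting its extension. The following added example (written for this page, not Cortex XSIAM code) shows the minimum such an examination has to do for Office 2007+ (OOXML) documents: open the file as a ZIP container, look for the `vbaProject.bin` part, and check whether `[Content_Types].xml` declares the VBA content type. The sample documents are constructed in memory and are not real Word files, so the script runs offline.

```python
"""Detect a VBA macro project inside an OOXML Office document.

Added example, not Cortex XSIAM code. OOXML files (.docx/.docm/.xlsx/.xlsm/...)
are ZIP containers. A macro-enabled document stores its VBA in a part named
vbaProject.bin and declares that part in [Content_Types].xml. Checking the
container, not the extension, is what matters: a .docx renamed from .docm still
carries the macro part.
"""
import io
import zipfile

# Content type that OOXML uses to declare the VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def office_macro_indicators(data: bytes) -> dict:
    """Return which macro indicators are present in the container bytes."""
    result = {"is_ooxml": False, "vba_part": None, "vba_content_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a ZIP container, so not an OOXML document
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result  # a ZIP, but not an OOXML package
        result["is_ooxml"] = True
        # Any part named vbaProject.bin (word/, xl/, ppt/) is the macro project.
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                result["vba_part"] = name
                break
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["vba_content_type"] = VBA_CONTENT_TYPE in content_types
    return result


def has_macros(data: bytes) -> bool:
    """True when the document is OOXML and carries a VBA project by either indicator."""
    ind = office_macro_indicators(data)
    return ind["is_ooxml"] and (ind["vba_part"] is not None or ind["vba_content_type"])


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container for demonstration (not a real Word file)."""
    defaults = '<Default Extension="xml" ContentType="application/xml"/>'
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        f'ContentType="{VBA_CONTENT_TYPE}"/>'
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        + defaults + (vba_override if with_macro else "") + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes; a real vbaProject.bin is an OLE2 compound file
            # starting with the D0 CF 11 E0 A1 B1 1A E1 signature.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("macro-enabled", True), ("plain", False)):
        print(label, office_macro_indicators(build_sample(flag)))
```

Legacy binary formats (.doc/.xls) are OLE2 compound files rather than ZIP containers and need a CFB parser (for example `olefile`) to find their VBA streams; this check reports them as "not OOXML" rather than "no macros", so do not treat a `False` result on an arbitrary file as clean.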
The following table lists the malware protection types available for macOS endpoints.
Malware protection type | Description |
---|---|
Endpoint scanning | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
Global behavioral threat protection rules | Enables Cortex XSIAM to use rules to protect endpoints from malicious causality chains. |
Credential gathering protection | Enables Cortex XSIAM to protect endpoints from processes trying to access or steal passwords and other credentials. |
Anti webshell protection | Enables Cortex XSIAM to protect endpoint processes from dropping malicious web shells. |
Financial malware threat protection | Enables Cortex XSIAM to protect against techniques specific to financial and banking malware. |
Cryptominers protection | Enables Cortex XSIAM to protect against attempts to locate or steal cryptocurrencies. |
Anti tampering protection | Enables Cortex XSIAM to protect against tampering attempts. |
Ransomware protection | Enables Cortex XSIAM to protect against encryption-based activity associated with ransomware attacks. |
Malicious child process protection | Enables Cortex XSIAM to prevent script-based attacks used to deliver malware by blocking targeted processes from launching child processes that are commonly used to bypass traditional security methods. |
Mach-O file examination | Enables Cortex XSIAM to check Mach-O files for malware. |
Local file threat examination | Enables Cortex XSIAM to detect malicious files on the endpoint. |
DMG file examination | Enables Cortex XSIAM to check DMG files for malware. |
The following table lists the malware protection types available for Linux endpoints.
Malware protection type | Description |
---|---|
Endpoint scanning | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
Global behavioral threat protection rules | Enables Cortex XSIAM to use rules to protect endpoints from malicious causality chains. |
Credential gathering protection | Enables Cortex XSIAM to protect endpoints from processes trying to access or steal passwords and other credentials. |
Anti webshell protection | Enables Cortex XSIAM to protect endpoint processes from dropping malicious web shells. |
Financial malware threat protection | Enables Cortex XSIAM to protect against techniques specific to financial and banking malware. |
Cryptominers protection | Enables Cortex XSIAM to protect against attempts to locate or steal cryptocurrencies. |
Container escaping protection | Enables Cortex XSIAM to protect against container-escaping attempts. |
ELF file examination | Enables Cortex XSIAM to examine ELF files on endpoints and perform additional actions on them. |
Local file threat examination | Enables Cortex XSIAM to detect malicious files on the endpoint. |
Reverse shell protection | Enables Cortex XSIAM to prevent attempts to redirect standard input and output streams to network sockets. |
The following table lists the malware protection types available for Android endpoints.
Malware protection type | Description |
---|---|
APK files examination | Enables Cortex XSIAM to analyze and prevent malicious APK files from running on endpoints. |
The following table lists the malware protection types available for iOS endpoints.
Malware protection type | Description |
---|---|
URL filtering | Enables Cortex XSIAM to analyze and block or report malicious URLs, and to block or allow custom URLs. |
Spam reports | Enables Cortex XSIAM to report calls and messages as spam. |
Call and messages blocking | Enables Cortex XSIAM to act on incoming calls and messages from known spam numbers. |
Safari browser security module | This security module can provide proactive gating of suspicious sites accessed using Safari, and provides informative site analysis to the device user. This option is recommended for iOS devices that do not belong to your organization and do not use the Network Shield feature. |
Network and EDR security module | This module lets you configure granular control and monitoring of network traffic on supervised iOS devices. The device profiles must also be configured for this on the MDM side, as explained in the Cortex XDR Agent iOS Guide. |