Cortex XSIAM prevents malware attacks and provides protection on endpoints based on the different operating systems.
Malicious files, known as malware, are often disguised as or embedded in non-malicious files. These files can attempt to gain control, gather sensitive information, or disrupt the normal operations of the system. Cortex XSIAM prevents malware by employing the Malware Prevention Engine. This approach combines several layers of protection to prevent both known and unknown malware from causing harm to your endpoints. The mitigation techniques that the Malware Prevention Engine employs vary by endpoint type.
The Malware Prevention Engine uses mitigation methods that implement malware protection on endpoints according to their operating system. The following tables list the protection types available for each endpoint operating system.
Malware protection types for Windows endpoints:

Malware protection type | Description |
---|---|
Portable executable and DLL | Enables Cortex XSIAM to analyze and prevent malicious executable files and DLL files from running on Windows endpoints. |
Office files with macros examination | Enables Cortex XSIAM to analyze and prevent malicious macros embedded in Microsoft Office files (Word, Excel) from running on Windows endpoints. |
PowerShell script file examination | Enables Cortex XSIAM to analyze and prevent malicious PowerShell script files from running on Windows endpoints. |
Network packet inspection | Enables Cortex XSIAM to analyze network packet data for malicious behavior. |
On-write file examination | Enables Cortex XSIAM to monitor and take action on malicious files during the on-write process. |
Password theft protection | Enables Cortex XSIAM to prevent attacks that extract passwords from memory using the Mimikatz tool. |
Malicious child process protection | Enables Cortex XSIAM to prevent script-based attacks that deliver malware, by blocking targeted child processes that are commonly used to bypass traditional security methods. |
Cryptominers protection | Enables Cortex XSIAM to protect against attempts to locate or steal cryptocurrencies. |
Ransomware protection | Enables Cortex XSIAM to protect against encryption-based activity associated with ransomware attacks. |
In-process shellcode protection | Enables Cortex XSIAM to protect against in-process shellcode attack threats. |
IIS protection | Enables Cortex XSIAM to protect against attacks on Internet Information Services (IIS). |
Anti tampering protection | Enables Cortex XSIAM to protect against tampering attempts. |
Financial malware threat protection | Enables Cortex XSIAM to protect against techniques specific to financial and banking malware. |
Malicious device protection | Enables Cortex XSIAM to protect against the connection of potentially malicious devices to endpoints. |
UAC bypass prevention | Enables Cortex XSIAM to protect against User Account Control (UAC) bypass techniques, which are associated with privilege elevation attempts. |
ASP and ASPX file protection | Enables Cortex XSIAM to protect endpoints from malicious ASP and ASPX files being written to the file system. |
Anti webshell protection | Enables Cortex XSIAM to protect endpoint processes from dropping malicious web shells. |
Dynamic kernel protection | Enables Cortex XSIAM to protect endpoints from kernel-level threats such as bootkits, rootkits, and susceptible drivers. |
Security measure bypass protection | Enables Cortex XSIAM to protect endpoints from malicious actors attempting to bypass Windows built-in security controls. |
VB script file protection | Enables Cortex XSIAM to protect endpoints from malicious VB script files. |
Credential gathering protection | Enables Cortex XSIAM to protect endpoints from processes trying to access or steal passwords and other credentials. |
UEFI protection | Enables Cortex XSIAM to protect endpoints from Unified Extensible Firmware Interface (UEFI) manipulation attempts. |
Malicious causality chain response | Enables Cortex XSIAM to respond automatically when malicious causality chains are identified. |
Endpoint scanning | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
On-demand file examination | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
Global behavioral threat protection rules | Enables Cortex XSIAM to use rules to protect endpoints from malicious causality chains. |
Malware protection types for macOS endpoints:

Malware protection type | Description |
---|---|
Anti tampering protection | Enables Cortex XSIAM to protect against tampering attempts. |
Anti webshell protection | Enables Cortex XSIAM to protect endpoint processes from dropping malicious web shells. |
Credential gathering protection | Enables Cortex XSIAM to protect endpoints from processes trying to access or steal passwords and other credentials. |
Cryptominers protection | Enables Cortex XSIAM to protect against attempts to locate or steal cryptocurrencies. |
DMG file examination | Enables Cortex XSIAM to check DMG files for malware. |
Endpoint scanning | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
Financial malware threat protection | Enables Cortex XSIAM to protect against techniques specific to financial and banking malware. |
Global behavioral threat protection rules | Enables Cortex XSIAM to use rules to protect endpoints from malicious causality chains. |
Local file threat examination | Enables Cortex XSIAM to detect malicious files on the endpoint. |
Mach-O file examination | Enables Cortex XSIAM to check Mach-O files for malware. |
Malicious child process protection | Enables Cortex XSIAM to prevent script-based attacks that deliver malware, by blocking targeted child processes that are commonly used to bypass traditional security methods. |
Ransomware protection | Enables Cortex XSIAM to protect against encryption-based activity associated with ransomware attacks. |
Malware protection types for Linux endpoints:

Malware protection type | Description |
---|---|
Anti webshell protection | Enables Cortex XSIAM to protect endpoint processes from dropping malicious web shells. |
Container escaping protection | Enables Cortex XSIAM to protect against container-escaping attempts. |
Credential gathering protection | Enables Cortex XSIAM to protect endpoints from processes trying to access or steal passwords and other credentials. |
Cryptominers protection | Enables Cortex XSIAM to protect against attempts to locate or steal cryptocurrencies. |
ELF file examination | Enables Cortex XSIAM to examine ELF files on endpoints and perform additional actions on them. |
Endpoint scanning | Enables Cortex XSIAM to scan endpoints and attached removable drives for dormant, inactive malware. |
Financial malware threat protection | Enables Cortex XSIAM to protect against techniques specific to financial and banking malware. |
Global behavioral threat protection rules | Enables Cortex XSIAM to use rules to protect endpoints from malicious causality chains. |
Local file threat examination | Enables Cortex XSIAM to detect malicious files on the endpoint. |
Reverse shell protection | Enables Cortex XSIAM to prevent attempts to redirect standard input and output streams to network sockets. |
Malware protection types for Android endpoints:

Malware protection type | Description |
---|---|
APK files examination | Enables Cortex XSIAM to analyze and prevent malicious APK files from running on endpoints. |
Malware protection types for iOS endpoints:

Malware protection type | Description |
---|---|
Call and messages blocking | Enables Cortex XSIAM to act on incoming calls and messages from known spam numbers. |
Network and EDR security module | This module lets you configure granular control and monitoring of network traffic on supervised iOS devices. The device profiles must also be configured for this on the MDM side, as explained in the Cortex XDR Agent iOS Guide. |
Safari browser security module | This security module provides proactive gating of suspicious sites accessed through Safari and presents informative site analysis to the device user. This option is recommended for iOS devices that do not belong to your organization and do not use the Network Shield feature. |
Spam reports | Enables Cortex XSIAM to report calls and messages as spam. |
URL filtering | Enables Cortex XSIAM to analyze and block or report malicious URLs, and to block or allow custom URLs. |