PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module
The Palo Alto Networks Product Security Assurance team is aware of a specifically crafted proof of concept (PoC) that reduces the effectiveness of the Cortex XDR agent Anti-Ransomware endpoint protection module. The specific technique used in the PoC does not impact behavioral threat protection, malware scanning, or other endpoint protection capabilities that detect security events and prevent attacks.
| Product | Affected | Unaffected |
|---|---|---|
| Cortex XDR Agent | All agents with a content update earlier than CU-610 | All agents with CU-610 or a later content update |
Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this technique are expected to become publicly available.
This technique is detected by Cortex XDR agents on Windows with content update 610 or a later content update.
Palo Alto Networks thanks Itay Migdal at SafeBreach for discovering and reporting this issue.