
PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module



The Palo Alto Networks Product Security Assurance team is aware of a specifically crafted proof of concept (PoC) that reduces the effectiveness of the Cortex XDR agent Anti-Ransomware endpoint protection module. The specific technique used in the PoC does not impact behavioral threat protection, malware scanning, or other endpoint protection capabilities that detect security events and prevent attacks.

Product Status

Cortex XDR Agent
Affected: All agents with a content update earlier than CU-610
Unaffected: All agents with CU-610 or a later content update

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this technique are expected to become publicly available.


This technique is detected by Cortex XDR agents on Windows with content update 610 and later content update versions.


Palo Alto Networks thanks Itay Migdal at SafeBreach for discovering and reporting this issue.


Initial publication