Since no image was provided, I assume the Malware profile is configured with default Cortex XDR settings, which typically enforce strict malware prevention for unknown or untrusted executables. In Cortex XDR, theMalware profilewithin the security policy determines how executables are handled on endpoints. For anew custom-developed application(an unknown executable not previously analyzed or allow-listed), the default behavior is toblock executionuntil the file is analyzed byWildFire(Palo Alto Networks’ cloud-based threat analysis service) or explicitly allowed via policy.
Correct Answer Analysis (B):By default, Cortex XDR’s Malware profile is configured toblockunknown executables, including new custom-developed applications, to prevent potential threats. When the application attempts ilustrator execute, the Cortex XDR agent intercepts it, sends it to WildFire for analysis (if not excluded), and blocks execution until a verdict is received. If the application is not on an allow list or excluded, itwill not executeimmediately, aligning with option B.
Why not the other options?
A. It will immediately execute: This would only occur if the application is on an allow list or if the Malware profile is configured to allow unknown executables, which is not typical for default settings.
C. It will execute after one hour: There is no default setting in Cortex XDR that delays execution for one hour. Execution depends on the WildFire verdict or policy configuration, not a fixed time delay.
D. It will execute after the second attempt: Cortex XDR does not have a mechanism that allows execution after a second attempt. Execution is either blocked or allowed based on policy and analysis results.
Exact Extract or Reference:
TheCortex XDR Documentation Portalexplains Malware profile behavior: “By default, unknown executables are blocked until a WildFire verdict is received, ensuring protection against new or custom-developed applications” (paraphrased from the Malware Profile Configuration section). TheEDU-260: Cortex XDR Prevention and Deploymentcourse covers Malware profiles, stating that “default settings block unknown executables to prevent potential threats until analyzed” (paraphrased from course materials). ThePalo Alto Networks Certified XDR Engineer datasheetincludes “Cortex XDR agent configuration” as a key exam topic, encompassing Malware profile settings.
[References:, Palo Alto Networks Cortex XDR Documentation Portal:https://docs-cortex.paloaltonetworks.com/, EDU-260: Cortex XDR Prevention and Deployment Course Objectives, Palo Alto Networks Certified XDR Engineer Datasheet:https://www.paloaltonetworks.com/services/education/certification#xdr-engineer, Note on Image: Since the image was not provided, I assumed a default Malware profile configuration. If you can share the image or describe its settings (e.g., specific allow lists, exclusions, or block rules), I can refine the answer to match the exact configuration., ]
Submit