How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
Cortex XDR agent for Windows prevents ransomware attacks from compromising the file system by utilizing decoy files. The agent employs these decoy files to attract ransomware. When the ransomware tries to manipulate the decoy files, such as writing to, renaming, moving, deleting, or encrypting them, the Cortex XDR agent analyzes the behavior and intervenes, thereby stopping the ransomware activity before any actual data loss occurs.
My answer would be: B
Correct Answer: B Behavior-Based Ransomware Protection This module protects against encryption-based behavior associated with ransomware by analyzing and stopping ransomware activity before any data loss occurs. To combat these attacks, Cortex XDR employs decoy files to attract the ransomware. When the ransomware attempts to write to, rename, move, delete, or encrypt the decoy files, the Cortex XDR agent analyzes the behavior and prevents the ransomware from encrypting and holding files hostage. When configured to operate in Prevention Mode, the Cortex XDR agent blocks the process attempting to manipulate the decoy files. When you configure this module in Notification Mode, the agent logs a security event.