Solved

Cortex XDR as Antivirus Engine


Is anybody using Cortex XDR along with Veeam? It should be fairly easy to extend the Antivirus definition file, but I can’t find any information about how (or even if) Cortex can be called to scan a specific file.

6 comments

Userlevel 7
Badge +21

Not sure if that AV is even supported with Veeam.  Check here for how the AV process works and configurations - Antivirus Configuration File - User Guide for VMware vSphere (veeam.com)

Userlevel 1
Badge

Any AV is supported as you can write your definition file on your own. The ones we list in the definition file ourselves are just the ones we tested in QA. I will keep you posted on Cortex XDR

Userlevel 7
Badge +21

Any AV is supported as you can write your definition file on your own. The ones we list in the definition file ourselves are just the ones we tested in QA. I will keep you posted on Cortex XDR

Thanks for clarifying this.  Looking forward to the results.

Userlevel 1
Badge

After discussing the issue further with my colleague who is responsible for our AV we came to the conclusion that it might be better to use Defender (or other classical AV solutions) for these scans, since Cortex XDR is a behavioral scanner and might not be the best solution for pure file scanning.

We ended up editing the AV definition XML file on the mount server to change the IsPortableSoftware='false' of the Defender entry to IsPortableSoftware='true', so Veeam ignores the disabled state of the Defender service. Now Veeam is utilizing Windows Defender for SureBackup and Secure Restore while Cortex keeps scanning for behavioral anomalies in the background.

Still, if other people are using Cortex XDR I’d be interested in their opinions on this matter.
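As an added example (not code from this thread, from Veeam, or from the poster), the script below performs the edit described in the post above: it flips IsPortableSoftware for the Windows Defender entry of a Veeam-style antivirus definition XML, keeps a backup of the original file, and verifies the result. The XML is a constructed sample: only the AntivirusInfo element and the IsPortableSoftware attribute come from the post; the file name AntivirusInfos.xml, the remaining attributes and the paths are assumptions made for the demo.

```python
"""Flip the IsPortableSoftware attribute of one scanner entry in a Veeam-style
antivirus definition XML (added example; not the thread's or Veeam's own code).

The sample XML is constructed for this demo: only the AntivirusInfo element and
the IsPortableSoftware attribute come from the forum post, the other attribute
names, paths and the file name are illustrative assumptions.
"""
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

XML_DECLARATION = "<?xml version='1.0' encoding='utf-8'?>\n"

# Constructed sample definition file (hypothetical layout).
SAMPLE_DEFINITION_XML = XML_DECLARATION + """<Antiviruses>
  <AntivirusInfo Name='Windows Defender' IsPortableSoftware='false'
                 ExecutableFilePath='%ProgramFiles%\\Windows Defender\\MpCmdRun.exe'
                 CommandLineParameters='-Scan -ScanType 3 -File %Path% -DisableRemediation'
                 ServiceName='WinDefend' />
  <AntivirusInfo Name='Example Portable Scanner' IsPortableSoftware='true'
                 ExecutableFilePath='C:\\Tools\\scanner.exe'
                 CommandLineParameters='--scan %Path%' />
</Antiviruses>
"""


def portable_flag(xml_text: str, scanner_name: str):
    """Return the IsPortableSoftware value of the named entry, or None if absent."""
    root = ET.fromstring(xml_text)
    for entry in root.iter("AntivirusInfo"):
        if entry.get("Name") == scanner_name:
            return entry.get("IsPortableSoftware")
    return None


def set_portable_flag(xml_text: str, scanner_name: str, portable: bool):
    """Set IsPortableSoftware on every entry whose Name matches.

    Returns (new_xml_text, number_of_entries_changed). Entries that already
    carry the wanted value are not counted, and no other attribute is touched.
    """
    root = ET.fromstring(xml_text)
    wanted = "true" if portable else "false"
    changed = 0
    for entry in root.iter("AntivirusInfo"):
        if entry.get("Name") == scanner_name and entry.get("IsPortableSoftware") != wanted:
            entry.set("IsPortableSoftware", wanted)
            changed += 1
    return XML_DECLARATION + ET.tostring(root, encoding="unicode"), changed


def patch_definition_file(path: Path, scanner_name: str, portable: bool) -> int:
    """Patch the file in place, keeping an untouched .bak copy beside it."""
    backup = path.with_name(path.name + ".bak")
    shutil.copy2(path, backup)
    new_text, changed = set_portable_flag(path.read_text(encoding="utf-8"), scanner_name, portable)
    if changed:
        path.write_text(new_text, encoding="utf-8")
    return changed


def demo_on_temp_copy() -> dict:
    """Run the patch against a temporary copy of the sample and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "AntivirusInfos.xml"  # file name assumed for the demo
        path.write_text(SAMPLE_DEFINITION_XML, encoding="utf-8")
        before = portable_flag(path.read_text(encoding="utf-8"), "Windows Defender")
        changed = patch_definition_file(path, "Windows Defender", True)
        after_text = path.read_text(encoding="utf-8")
        backup_text = path.with_name(path.name + ".bak").read_text(encoding="utf-8")
        return {
            "before": before,
            "after": portable_flag(after_text, "Windows Defender"),
            "changed": changed,
            "backup_intact": portable_flag(backup_text, "Windows Defender"),
            "other_untouched": portable_flag(after_text, "Example Portable Scanner"),
        }


if __name__ == "__main__":
    print(demo_on_temp_copy())
```

ElementTree rewrites attribute quotes as double quotes and drops XML comments, so diff the patched file against the .bak copy before the mount server loads it. Because IsPortableSoftware='true' makes Veeam skip its check on the scanner's service state, confirming that the scan actually executes and that Defender's definitions keep updating falls to the operator. The entry also decides which binary Veeam trusts to declare a restore point clean, so keep the definition file under change control like any other security-relevant configuration.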

Userlevel 7
Badge +21

After discussing the issue further with my colleague who is responsible for our AV we came to the conclusion that it might be better to use Defender (or other classical AV solutions) for these scans, since Cortex XDR is a behavioral scanner and might not be the best solution for pure file scanning.

We ended up editing the AV definition XML file on the mount server to change the IsPortableSoftware='false' of the Defender entry to IsPortableSoftware='true', so Veeam ignores the disabled state of the Defender service. Now Veeam is utilizing Windows Defender for SureBackup and Secure Restore while Cortex keeps scanning for behavioral anomalies in the background.

Still, if other people are using Cortex XDR I’d be interested in their opinions on this matter.

Glad you were able to come to a resolution on this one.  I am still interested as well in hearing about the Cortex XDR solution just for my own learning. 😁

Userlevel 7
Badge +6

I appreciate you marking your own response as the answer as that’s very insightful for all.  I haven’t ventured too much into this integration, but I hadn’t considered the difference of an XDR vs antivirus/antimalware engine in this scenario.
