Palo Alto Networks XDR-Analyst Exam - Topic 4 Question 8 Discussion

Actual exam question for Palo Alto Networks's XDR-Analyst exam

Question #: 8
Topic #: 4

[All XDR-Analyst Questions]

Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?

Ain the macOS Malware Protection Profile to indicate allowed signers

Bin the Linux Malware Protection Profile to indicate allowed Java libraries

CSHA256 hashes cannot be used in Cortex XDR Malware Protection Profiles

Din the Windows Malware Protection Profile to indicate allowed executables

Show Suggested Answer

Suggested Answer: D

Cortex XDR Malware Protection Profiles allow you to configure the malware prevention settings for Windows, Linux, and macOS endpoints. You can use SHA256 hash values in the Windows Malware Protection Profile to indicate allowed executables that you want to exclude from malware scanning. This can help you reduce false positives and improve performance by skipping the scanning of known benign files. You can add up to 1000 SHA256 hash values per profile. You cannot use SHA256 hash values in the Linux or macOS Malware Protection Profiles, but you can use other criteria such as file path, file name, or signer to exclude files from scanning.Reference:

Malware Protection Profiles

Configure a Windows Malware Protection Profile

PCDRA Study Guide

by Tijuana at Apr 04, 2026, 04:27 PM

Limited Time Offer

25%

2 months ago

I think SHA256 hashes are definitely used in the Windows Malware Protection Profile, but I'm not sure if it's for executables or something else.

upvoted 0 times

...