The original post: /r/cybersecurity by /u/leaker929 on 2025-02-22 01:39:25.

I work for a small school and we’ve been told there’s no budget for a cybersecurity person, so we cover what we can and leverage Cortex (Palo Alto) and Proofpoint for some prevention measures. We have an esports team - Windows machines are domain joined and on a separate VLAN but still have access to network resources. They play Marvel Rivals and an update came out today that Cortex blocked. The reasoning was both that it was trying to install WinRing0.sys (can be exploited but can be legit is my understanding) and also trying to HIDE that driver as PowerShell. Would you allow it through on esports endpoints? Cortex support showed us how but said to be very cautious. Any advice?