https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567181#M5627 <P>Hello all,<BR /><BR />Wanted to ask if any of you had something similar happening around.<BR /><BR />Scenario :&nbsp;<BR /><BR />2 systems (just as an example, as they are more) - 1 of the systems gets decrypted after a system update was done (BIOS, driver updates etc.) , the other system does not get decrypted for the same updates, instead the BitLocker suspends itself and after the upgrade is done, it 'resumes' itself (which in my opinion is the correct expectation). This information I get from Event Viewer (sadly I can't see what the decryption issue is there, neither can I see it in the traps logs).<BR /><BR />Both of the systems are using the same encryption profile from Cortex, both of the systems are using the same GPO configuration that pushes Cortex BitLocker encryption.<BR /><BR />At first I though it might be related to no AD connectivity prior to the upgrade initiation, but this was false, I checked if Secure boot might cause it, but this was also false. Both of the systems are using UEFI.<BR /><BR />Anybody got any idea what specs/configs I need to check/compare for those systems that decrypt and those that do not?<BR /><BR />Thank you!</P> Mon, 27 Nov 2023 10:33:09 GMT milen.slavov 2023-11-27T10:33:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567181#M5627 <P>Hello all,<BR /><BR />Wanted to ask if any of you had something similar happening around.<BR /><BR />Scenario :&nbsp;<BR /><BR />2 systems (just as an example, as they are more) - 1 of the systems gets decrypted after a system update was done (BIOS, driver updates etc.) , the other system does not get decrypted for the same updates, instead the BitLocker suspends itself and after the upgrade is done, it 'resumes' itself (which in my opinion is the correct expectation). This information I get from Event Viewer (sadly I can't see what the decryption issue is there, neither can I see it in the traps logs).<BR /><BR />Both of the systems are using the same encryption profile from Cortex, both of the systems are using the same GPO configuration that pushes Cortex BitLocker encryption.<BR /><BR />At first I though it might be related to no AD connectivity prior to the upgrade initiation, but this was false, I checked if Secure boot might cause it, but this was also false. Both of the systems are using UEFI.<BR /><BR />Anybody got any idea what specs/configs I need to check/compare for those systems that decrypt and those that do not?<BR /><BR />Thank you!</P> Mon, 27 Nov 2023 10:33:09 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567181#M5627 milen.slavov 2023-11-27T10:33:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567796#M5640 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/280873">@milen.slavov</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for reaching out through LIVEcommunity!&nbsp;</P> <P>&nbsp;</P> <P>After reading your issues I'd highly suggest creating a support ticket and having our TAC engineers take a look into this issue.&nbsp; Digging deeper into this issue to provide you with useful information is going to require you to upload some logs in order to gather more information.&nbsp;&nbsp;A support case can be created <A href="https://support.paloaltonetworks.com/Support/Index" target="_blank">here</A>.</P> <P>&nbsp;</P> <P>I hope you find this information helpful.</P> Thu, 30 Nov 2023 15:28:57 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567796#M5640 anlynch 2023-11-30T15:28:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567797#M5641 <P>Hi&nbsp;Milen.Slavov,</P> <P>&nbsp;</P> <P>Please ensure:</P> <UL> <LI>the endpoint is AD connected and that an AD DS role is installed on the endpoint.</LI> <LI>Cortex XDR disk encryption policy does not conflict with the GPO configuration to Choose drive encryption method and cipher strength. Reference&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Disk-Encryption" target="_blank">Disk Encryption • Cortex XDR Pro Administrator Guide • Reader • Palo Alto Networks documentation portal</A></LI> </UL> <P>Please open a <A href="https://live.paloaltonetworks.com/t5/community-blogs/opening-a-new-support-case-in-the-customer-support-portal-csp/ba-p/284277" target="_self">support case</A> for analysis.&nbsp;</P> <P>&nbsp;</P> <P>Thank you</P> <P>&nbsp;</P> <P>Thank you</P> Thu, 30 Nov 2023 15:35:00 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/question-regarding-random-decryption-when-using-cortex-xdr/m-p/567797#M5641 jtalton 2023-11-30T15:35:00Z