https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/598310#M7201 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/256101">@nsinghvirk</a>&nbsp;,</P> <P>&nbsp;</P> <P>thanks for your reply. The ways to disable and monitor the capabilities are clear.</P> <P>&nbsp;</P> <P>The problem is they were not disabled during or after the installation. "After" is confirmed once more over the Audit Logs. For "During" the customer says they have not disabled it during installation using any flags or so.</P> <P>&nbsp;</P> <P>Thats why I asked if anyone else has experienced sth similar.</P> Thu, 19 Sep 2024 15:33:43 GMT AbdBgc 2024-09-19T15:33:43Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/597980#M7187 <P>Hi all,</P> <P>&nbsp;</P> <P>in one of our customers with the installation of XDR agent version 8.5 the Response Capabilities (<SPAN>File Retrieval, Live Terminal, Script Execution</SPAN>) were disabled from the very beginning on many of the endpoints. As there is no other way, the agents were uninstalled and reinstalled as a solution. But we could not identify the main reason. Eventhough they did not change anything on the installation process they dont have the problem with the new installation now.</P> <P>&nbsp;</P> <P>What could the reason be? Has anyone experienced sth similar?</P> <P>&nbsp;</P> <P>Thanks in advance for your answers.&nbsp;</P> Tue, 17 Sep 2024 07:32:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/597980#M7187 AbdBgc 2024-09-17T07:32:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/598023#M7195 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/487095937">@AbdBgc</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>There are two ways to disable these XDR capabilities. One is by setting specific flags in msiexec command line during installation. Second is from XDR tenant, by going to specific endpoint in all endpoints then right click -&gt; Endpoint control -&gt; Disable capabilities.&nbsp;</P> <P>If flags were not set during installation then someone must have disabled capabilities from XDR tenant. You can monitor this activity in management audit logs with type "Response" and sub type "disable capability".</P> <P>&nbsp;</P> <P>Please c<SPAN>lick&nbsp;</SPAN><STRONG>Accept as Solution</STRONG><SPAN>&nbsp;to acknowledge that the answer to your question has been provided.</SPAN></P> Tue, 17 Sep 2024 16:30:02 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/598023#M7195 nsinghvirk 2024-09-17T16:30:02Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/598310#M7201 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/256101">@nsinghvirk</a>&nbsp;,</P> <P>&nbsp;</P> <P>thanks for your reply. The ways to disable and monitor the capabilities are clear.</P> <P>&nbsp;</P> <P>The problem is they were not disabled during or after the installation. "After" is confirmed once more over the Audit Logs. For "During" the customer says they have not disabled it during installation using any flags or so.</P> <P>&nbsp;</P> <P>Thats why I asked if anyone else has experienced sth similar.</P> Thu, 19 Sep 2024 15:33:43 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/disabled-capabilities-of-xdr-on-instaallation/m-p/598310#M7201 AbdBgc 2024-09-19T15:33:43Z