7.9.1 to 7.9.2 fails with Azure Code Signing support missing error


L2 Linker

Hi,

I have a few Windows 7 and Windows 2008 R2 machines that cannot upgrade Cortex XDR from 7.9.1 to 7.9.2; the error message says I am missing Azure Code Signing support and to see KB5022661.

No luck googling, hopefully somebody has a tip for me.

--
PA-440, PA-1410, Cortex XDR

Accepted Solutions

L5 Sessionator

Hi @AriKukkonen ,

 

Please refer to the documentation here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Windows

 

From March 2023, Microsoft is requesting security vendors to sign binaries using Azure Code Signing. As a result, new Cortex XDR agent versions released from March are required to have a specific Microsoft Windows patch in order to install successfully. Note that machines without this patch will not be able to install or upgrade to newer versions of Cortex XDR agent. This will only impact Windows machines running Windows 10 or below. Windows 7 machines must have an extended support license in order to install the patch. Windows 11 machines have this patch pre-installed. Additional information about this security patch and the specific patch number required per operating system build can be found here, KB5022661.

 

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query.

Hi @neelrohit 

"Cortex XDR agent versions, released from March" is a bit vague and I am struggling to find out which exact versions are compatible with systems that don't have the patch.
Could you please provide more information on these:
7.9.100.32595 [CE] - seems it can't install on a system without ACS
7.9.100.30126 [CE] - haven't tested, was this released before or after March?
7.9.3.42617 - if a system running 7.9.0 is configured to automatically upgrade to the latest minor version and it doesn't have the ACS patch, it will repeatedly fail to upgrade to 7.9.3.


I can confirm from my own experience that v7.9.100.30126 [CE] requires the Azure Code Signing patch.

 

We ended up having an old installer of v7.9.0.20664 in archives and still registered in the Agent Installer console. It came out Feb 2023 and does not require code signing. It is EOL but still registered the new clients even though PA does not allow us to re-download it from the XDR console anymore. 
