Any specific post-installation procedure / configuration required to make sure the protection running on Mac without affecting performance ?

Hi @KennyKwan,

Running the Malware Prevention and Exploit Prevention profiles in monitoring mode does not mean the Cortex XDR agent is inactive. The agent still performs telemetry collection, behavioral monitoring, file activity monitoring, and other endpoint visibility functions, so some resource consumption is expected.

However, significant slowdowns when accessing websites such as AWS Console or WhatsApp Web are not typically expected on a properly functioning deployment. I would recommend checking the following:

• Verify the macOS version, Cortex XDR agent version, and content version.

• Confirm all required macOS permissions (System Extension, Network Extension, Full Disk Access, etc.) were deployed correctly.

• Check whether another security product (Microsoft Defender, CrowdStrike, SentinelOne, Sophos, etc.) is running on the same endpoint, as multiple endpoint security tools can introduce performance issues if exclusions are not configured.

• Compare performance across different browsers (Safari, Chrome, Edge) to determine whether the issue is browser-specific.

• Monitor CPU, memory, disk I/O, and network activity of Cortex processes during the reported slowdown.

• Review whether the issue is affecting all pilot Macs or only a subset of devices.

• Collect Cortex XDR diagnostic logs and engage Palo Alto Support if the issue can be reproduced consistently.

Regarding the value of Cortex XDR on macOS, organizations typically deploy it for endpoint telemetry, behavioral threat detection, malware prevention, incident investigation, threat hunting, response actions, and centralized visibility across Windows, Linux, and macOS devices.

Additional information such as macOS version, Apple Silicon vs. Intel hardware, content version, and coexistence with other security products would help narrow down the root cause.

Best Regards,

Vinothkumar C