Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4420 Views
  • 0 replies
  • 3 Likes

Any specific post-installation procedure / configuration required to make sure the protection is running on Mac without affecting performance?

Dear All, Having a few MacOS devices (iMac, MacBook Pro) installed with Cortex XDR agent v9.2.0 for piloting (procedure followed through https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/9.2/Cortex-XDR-Agent-Administrator-Guide/Install-the-Cortex-XDR-Agent-Manually). They are running on monitoring (without blocking on "malware profile" and ...

Cortex XDR and Sandboxie

Hello, We have installed Cortex XDR on a VM that also runs a sandbox tool (Sandboxie). As long as Cortex XDR is enabled, processes cannot be started within the sandbox (e.g., msedge.exe, cmd.exe, explorer.exe). It only works if I create a "Disable Injection and Prevention" rule for these processes. How can I resolve this permanently? I suspect...

M.Wempen by L1 Bithead
  • 200 Views
  • 2 replies
  • 0 Likes

XDR agent disconnected after automatic upgrade

After an automatic upgrade was performed, an endpoint is now disconnected with this message: XDR Agent failed to upgrade from version 9.1.0.20483 to version 9.2.0.120 on 79433PC with error: The content package was faulty or could not be downloaded. Is there a way to reconnect it to the XDR console?

Operational Exception without Case

We are currently facing an issue with a Windows service. This service only functions properly after we add a specific executable (.exe) to the Operational Agent Exceptions. We haven’t seen any corresponding case or alert in the console, meaning Cortex XDR is not actively blocking anything. This raises the following questions: 1) Wildcards in Op...

M.Wempen by L1 Bithead
  • 228 Views
  • 1 reply
  • 0 Likes

Understanding Inline Cloud Analysis C2 Detections and False Positives in Cortex XDR

Hi everyone, I am currently investigating several Cortex XDR incidents that originate from Palo Alto Networks Firewall Security Profiles, specifically detections related to Inline Cloud Analysis, Anti-Spyware C2 classifications. What I am trying to better understand is why a relatively large amount of legitimate-looking web traffic is being clas...

Partially protected

Hello everyone, I'm having issues with my Cortex XDR agent. The operational status is partially protected, with the following details:1. The OS I'm using is Ubuntu 24.04.02. I'm using the latest agent installer, version 9.2.0.1193. The operational status details generally state that the Linux kernel cannot be loaded. Is there a solution I can tr...

Cortex XDR Device Control Violation Alerts

Hi All, We enabled device configurations to block external devices connecting to endpoints in the organization and it works fine. In the Cortex XDR console, I can see the device control violations. We want to create alerts to detect the Device Control Violation based on a BIOC rule, as this is the only available option. I tried several...

Suspicious executable detected Microsoft Store Purchase App

Hello everyone, Has anyone seen this process appear in Cortex XDR? C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22603.1401.4.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe It’s showing up on an endpoint, but Cortex XDR isn’t providing any additional details, alerts, or related events. Before I dismiss it, I want to confirm whether thi...

Getting Cortex Copilot

Hello Team, I have been researching the Cortex Copilot functionality and would like to clarify a few points regarding availability, licensing, and compatibility. Currently, we have a Cortex XDR Pro license, and I would like to understand: How can we obtain or enable the Cortex Copilot functionality? Is there any additional license, subscription...

Cortex XDR MITRE ATT&CK v16 -- We're Now on v19. Can We Talk About This?

Hey LIVEcommunity, I have been sitting on this for a while and finally decided to write it up because I am pretty sure I am not the only one running into this. If you are a detection engineer or SOC analyst building BIOCs in Cortex XDR and leaning on MITRE ATT&CK to organize your detection coverage, this one is for you. So Here Is What Ha...

D.Ogle by L0 Member
  • 954 Views
  • 2 replies
  • 4 Likes

Need XdrAgentCleaner.exe for Cortex XDR agent version 7.9.1 - Anti-Tampering enabled

Hi everyone, I'm an IT technician and I'm trying to uninstall Cortex XDR agent version 7.9.1.26645 from a Windows 11 workstation. Unfortunately, I'm facing the following issues: - The standard uninstall from Programs & Features fails with: "Anti-Tampering is enabled. Please disable Anti-Tampering and retry the operation." - cytool protec...

Resolved! After more than 2 years Linux vulnerability reporting is still useless.

It is about 2 years ago that the Linux vulnerability reporting issues were announced to Palo Alto. It's still not fixed. 😞 It looks like Cortex does not look beyond the dash in the version numbers of installed applications. For example, Cortex is reporting a vulnerable zlib 1.2.11. The one actually installed was: zlib.x86_64 1.2.11-40.el9, which ...

Resolved! Local Analysis and Exceptions

Hey, we are struggling with the following case with understanding Local Analysis, macros and writing useful exceptions. Local Analysis is alerting on a WinWord.exe with "Macro(s) in Winword.exe". The macro is only mentioned by hash. Exceptions with Disable Prevention Rules for Local Analysis on the macro hashes are not working, similarly on Wi...

J.Motz by L0 Member
  • 341 Views
  • 1 reply
  • 0 Likes

Reports no longer show the source of an incident

Hello, One of our customers pointed out that since the 5.0 update of the Cortex console, the report output has changed. Before the update, the reports always displayed the source of the incident (as highlighted in the “Before.png” file). Since the 5.0 update, as you can see in the “Now.png” file, the source of the incident is not always displayed...

C.PAPET by L0 Member
  • 415 Views
  • 1 reply
  • 0 Likes