How do you manage agent upgrades?

I am trying to manage agent upgrades without allowing the agent to upgrade to new and unstable releases. For example, I do NOT want 7.5.0 upgraded on any system, but I do want the most recent 7.4 release upgraded on all systems. I have run into issues getting releases lower than 7.4 to upgrade to 7.4.2 (current version as of today). I have re...

Bitlocker Disk Encryption Visibility = Not Supported

I am still working through our older PCs with our prior AV and disk encryption and getting over to Cortex and BitLocker. Just noticed all the systems I completed today report "Not Supported" for the Status column. Mousing over says the OS is not supported. I seem to have a handful of other systems with this same status but not all systems...w...

Device Control - Continue to Block, but not create a Violation

With regard to leveraging Device Control Profile and Policies, with regard to Disable USB Hard Drive. Am I missing what is the process to continue to BLOCK a USB Hard Drive, but to not generate a Violation entry for it.Use Case:We are aware of this activity for a specific Device/Vendor (Sony camera, but shows up as Hard Drive as it has a drive ...

Cortex XDR

Hello everybody We recently saw a Cortex XDR app ( Pro per endpoint 200, Pro per TB 1) for activation which was purchased in 5 august in our customer support portal (in Cortex XDR Gateway) . But we did not request any Cortex XDR app. Is it possible Palo Alto give it periodically this for test purpose or after selling to customer. Or any idea? ...

Syslog Splunk Parsing

Hey everyone, First time poster. We just rolled out XDR and having some issues getting data into Splunk. The Splunk TA App says it does not support Syslog, but there is loads of documentation for getting agent logs, alerts, management logs sent to Splunk. It seems there may be a disconnect between the DEV's for the APP and Product Management. H...

Duplicate endpoints both are connected

I'm using Cortex XDR Prevent, I found a duplicate value of one host with different users, different IP's and both are connected, little bit confused how it is possible, ?

What are the consequences of having the endpoint protection status: disabled in Cortex?

Enable the Agent

I had disabled the agent from the portal, how to re-enable it back from the portal, please support.

I have two queries for Cortex XDR for cloud identity engine and browser protection.

Hi, I have deployed Cortex XDR in my environment and I have two queries it features. 1. I have integrated the on-premises AD with the help of a DSS agent and cert. It is connected and is synced in the cloud identity engine. So what is the purpose of the AD in Cortex XDR why it is used and can we configured the user and group base policy. if yes ...

High Alert wininfo.exe

received alert from Traps regarding malware detection of the maximum system due to file “Wininfo.exe”.Please find a snapshot of one system and suggest how to fix this. Is there any impact? CORTEXXDR WildFire MalwareHighSource:XDR AgentCategory:MalwareAction:Detected (Post Detected)Host:SS-akhilUsername:N/AStarred:NoExcluded:NoAlert:1240Incident...

After Uninstall Trap 7.2.2 from the machine - Cisco AnyConnect VPN started to work

When logging into Cisco AnyConnect VPN, the prompt: Login denied. Your environment does not meet the access criteria defined by your administrator. After trying various methods, it cannot be solved: Then we have uninstalled the Traps - 7.2.2 from the machine, the SSL-VPN started to work. I mean the Traps Uninstall made the VPN works

Anyone using Palo Alto Cortex XDR and/or Critical Start?

We are looking to replace our current aging AV system (Trend Micro) next year as we are up for renewal. We're a relatively small shop. ~475 employees.We are looking at jumping on the Palo Alto Cortex XDR bandwagon (We currently utilize their firewalls as well) and we are curious if anyone here actually uses this system and has any feedback. We d...