Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-19-2021 10:13 AM - edited 10-19-2021 10:13 AM
We're in a situation where HQ has moved to Cortex XDR, at the satellite facilities, there are PC/Laptops that never touches HQ network and are often standalone systems or is on a competely separate domain and those domain is to never communicate with the HQ domain. To complicate things a little more, some of these other domains are moving targets that are often offline for an extended periods (Maritime).
We were provided an installer Agent 7.3.1, I have it on a Server 2019 and a Win 10 VM as well as a physical Win 10 box. The two VM shows to be checked in and communicating with the trap server but is showing to be disabled. The physical Win 10 refuses to connect to the server at all.
We've always operated our satellite sites using standard alone versions of SEP which has worked well. Is it possible with Cortex XDR?
10-25-2021 10:54 AM - edited 10-25-2021 11:23 AM
Hi Vudoo408,
Let me answer your question directly first then follow up with additional questions and solution. 🙂
With regards to standalone agent installer, you can check the link below (Install or Update Agents Using Installer and Content Package Manually)
Follow up questions: with regards to satellite facilities, are they air gapped environment or they have access to internet directly? If they have then technically as long as the required communication ports/fqdn are open then agents should be able to check-in
If they are air gapped, would setting up broker vm on those satellite facilities an option?
Q:The two VM shows to be checked in and communicating with the trap server but is showing to be disabled.
A:(need to check the policy and profile assigned to the agent whether modules are enabled). Also try installing the latest agent, 7.5.1 instead.
Q: The physical Win 10 refuses to connect to the server at all.
most common culprit are:
A: firewall (either ports are not open from network segment or endpoint firewall itself is blocking)
A: doesnt have updated certificate
You can also submit a support case for PA support to analyze the logs
Once you open/double click the xdr agent icon and open the xdr agent console from the bottom right corner of your screen.
You can click the generate tech support file which will grab the needed support files and output in zip file which you can attach to the case, as alternative if generating tech support file doesn't work, You should be able to see Open Log File, copy/upload that log file on the case.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
