Cortex Agent version 5.0

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex Agent version 5.0

L3 Networker

Hello Team,

Can you help with below queries

  • When is the end of life for version 5
  • what should we do after EOL
  • What are the risks associated with using an old but supported version -  are new updates/content updates applied on them
  • what are the alternate control that could be used in place of XDR once the agent goes EOL





L5 Sessionator

Hi @Shashanksinha ,


Thank you for writing to live community!


Following is the response to your query below:

  1. Please refer to End Of Life summary for all PANW products here: Cortex XDR Agent End of Life Summary 
  2. The Traps agent or agent 5.0 is a native agent with no enhnaced detection capabilities as of date and supported on very old operating system versions which have been announced EoL by OS OEMs more than 2 years ago. With the passing of time, it is also recommended that these OS should be decommissioned which means organisations should strive to update to the latest OS versions for latest features, functionality and support in terms of business operations and cybersecurity standards. If you look at the agent installation matrix, you would find clearly that the agent is supporting installation on Operating Systems which can now be declared as borderline antique let alone being outdated. Post EoL, Palo Alto Networks will not support installation of any agent version on these OSs and the ultimate change would be to replace the OS with latest or the farthest supported OS.
  3. Even today with the agent 5.0, which does not provide any EDR data collection, endpoints with these agents do not provide enough security context to support an advanced next gen security solution which means the most advanced TTPs are not detected as such which essentially would be available with the latest agents. On top of that new protection modules which have dependency on minimum agent version(take eg of Java Deserialisation Protection on Windows to protect against Log4j attacks which needs minimum of agent 7.6 to work for detection and 7.7 for prevention) would not be applicable for these outdated agents. Also, once the agent goes EoL, all the content updates which enhance security, stability and compatibility of the agent on the endpoint will be stopped. This essentially means that any new security updates and protection against any zero day attacks(which could be covered as part of the base minimal functionality of the agent will not be covered) and any performance issues and stability issues will not be handled by Palo Alto Networks support anymore. 
  4. Customers can adopt their own strategies and methodologies to perform the protection. As mentioned in 3rd, having an EoL agent on an antique software though is not a recommended, but you have protection in its base minimal functionality until the last date of EoL. Post that customers can choose their own strategy to think about the future of the endpoint and possibly upgrade the OS and stay on top of the best possible available security updates with Cortex XDR agents available at that time.

Hope this helps!


Please mark the response as "Accept as Solution" if it answers your query.

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!