Cortex Filter on MacOS prevents internet connectivity

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex Filter on MacOS prevents internet connectivity

L1 Bithead

Hey everyone,

 

We're having some issues with the most recent Agent Version on MacOS (7.9.0.2505).

 

When some of our clients were upgraded to this version they suddenly lost internet connectivity. The only thing that worked for them was to remove Cortex XDR from under Settings -> Network -> Filters & Proxies, by pressing the minus button.

 

All of the clients regain connectivity to the internet when doing the procedure above, but not all of them become "Connected" in the Endpoints dashboard.

We don't have any rules set up that would block network connectivity and it only started happening when version 7.9. was released for our tenant.

 

This is happening to both Monterey and Ventura users, to fresh installs and upgrades too.

 

 

We've already checked out the similar issue available here, but that's all we could find and we're not sure if our users are using multiple adapters at a time.

 

Has anyone else experienced anything similar?

 

 

Best,

 

AdminVavtar

2 REPLIES 2

L4 Transporter

Hi @AdminVavtar,

Thank you for writing to Live Community. I went ahead and asked our support team - as of today there have been no reports of a widespread issue.

I recommend opening a support ticket for each of your customers so that we can do proper research regarding the cause of the issue.


Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events: Cortex XDR Customer Corner

Hey @mavraham, thanks for the reply.

 

We've opened a support case as apparently Cortex got uninstalled from the endpoints during the agent upgrade without ever getting the supervisor password.

 

Trying to narrow down the factors didn't help much, as both x86 and ARM are affected, with seemingly no connection except a lingering "Palo Alto Login Items" notification that persists for days on end, even if Cortex is not installed.

 

A reinstall has helped in almost all cases, except for one where the user-facing icon for Cortex in the status bar doesn't appear at all, but the device is Connected and available in the web dashboard.

 

Sadly we're also not able to collect standard tech support files with cytool, as it doesn't even show up as installed.

  • 2404 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!