08-26-2022 08:19 AM
Dear Live Community Members,
My customer is facing issues when trying to remove Cortex XDR.
In short, uninstalling the software is not removing all the config, and it gets all the old settings back, like the broker and other stuff.
We even used the command CLEAN_AGGRESIVLY=1, but it still comes back with the wrong broker and settings from the previous install.
We've also tried the Cortex_Cleaner_Tool and the customer ran the cleaner once, as an administrator. Then rebooted the machine. Ran the cleaner again as administrator, then rebooted again. But the Cortex broker settings are still there, and the old log files are there as well.
*We've been using the XdrAgentCleaner_7.6.0.43778 version to remove the 7.8 release
So maybe the newest version is required... Has anyone the newest Cortex cleaner tool for version 7.8 and up that could share with me?
I'm considering reinstalling the OS on the affected machine, while by reimagining the OS on the endpoint we'll make sure there is nothing left from the old installation of Cortex XDR but it's the last resort and maybe there is something else we could do?
I'm wondering if anyone has been faced with a similar issue and could advise what's the best way to move forward?
The customer is also asking if he can manually override these settings, and remove the rest of the Cortex settings/logs.
Should we reinstall the OS, or maybe we could involve the PA TAC to help us with that?
I will really appreciate your help and any hints to address this issue.
Thank you in advance!
10-12-2022 07:58 AM
Dear All,
We've escalated this to Palo Alto TAC, and Agent Cleaner for XDR agent version 7.8 has been provided.
The issue has been solved!
Thank you!
08-26-2022 10:18 AM
Hi @A_Adamski,
I would definitely recommend reaching out to TAC in this case before reinstalling the OS on the affected endpoint. There is a newer version of the cleaner tool available for 7.8 which TAC can provide to assist with the removal.
08-26-2022 11:01 AM
hi @A_Adamski ,
The agent 7.8 has a new agent cleaner which can be used for agent 7.8 and below. Also, once you uninstall, the folders can be deleted post a reboot.
If you have some residual files in the system, you can log in to safe mode and try removing the files post uninstall.
10-12-2022 07:58 AM
Dear All,
We've escalated this to Palo Alto TAC, and Agent Cleaner for XDR agent version 7.8 has been provided.
The issue has been solved!
Thank you!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
