Cortex xdr 7.0 and 7.1 agent end of life

cancel
Showing results for 
Search instead for 
Did you mean: 

Cortex xdr 7.0 and 7.1 agent end of life

L2 Linker

Hi All,

 

We need to upgrade the cortex agent from version 7.1 to 7.3 via console. My concern is how can we exclude a certain range of endpoints (Suppose we have 5000 endpoints and we want to exclude 800 endpoints) from upgrading.

 

I have created an endpoint group that we want to exclude. but not sure how to exclude.

 

Can anyone please advise?

 

 

Regards

Asif Siddiqui

1 ACCEPTED SOLUTION

Accepted Solutions


@AsifSid wrote:

Hi Gjenkins,

 

There is one more question I have that if we are upgrading the agent version via the SCCM tool (deployment tool), do we need to uninstall the old version first and then install the new version or we can upgrade on top of the old version.

 

Regards

Asif Siddiqui


Hi @AsifSid,

 

An uninstall is not required to upgrade using a third-party deployment tool such as SCCM. The installation package looks for a preexisting version of the Agent and prepares to update components as required.

--gjenkins

View solution in original post

7 REPLIES 7

L4 Transporter

Hi @AsifSid ,

I understand that you want to exclude a number of devices from a group so that you can perform an upgrade job. This would be a use-case for filtering (Walkthrough.) Could you share the criteria by which you need to exclude? What identifiers make them unique from the devices that need to be updated? If that information can be defined, I should be able to help you create a filter in Cortex XDR.

--gjenkins

Hi gjenkins,

 

Thank you so much for your reply, The criteria or reason for excluding those systems from upgrading is that those systems used by certain client users to connect to their network via Citrix, and there is a host checker which checks the host before allowing the connection and cortex agent version 7.3 is not on their list of supported AV (only version 7.1 is supported which is soon going to be the end of life).

 

Since the end of life for version 7.1 is 4rth June 2021, so we want to upgrade all the systems to version 7.3 and exclude the remaining systems.

 

Now I have created a static group for these systems to be excluded from the upgrade. I need to understand when I will create an agent policy for auto-upgrade these static groups should be excluded.

 

One more question is if we decide to use the Bigfix tool (it's like the SCCM tool) to upgrade from 7.1 to 7.3 , any idea if we can install the new version on top of the old version? or do we have to uninstall the old version first and then install the new version?

 

 Awaiting reply.  Thanks!

 

Regards

Asif Siddiqui

 

Hi @AsifSid ,

 

I'm glad to hear that you've created a static group for the endpoints that should be excluded from the upgrade. That was the hard part if you could believe it.

 

The next steps involve creating a new cloned policy with only those endpoints in scope and making that cloned policy higher in priority than the original policy so that it takes precedence. Here are the steps to do so:

 

  1. Clone the existing policy that contains the endpoint group to be excluded.  Clone_a_Policy_Take_II.gif

  2. Move the cloned policy to a position higher than the original policy and save.Prioritize_a_Policy_Take_I.gif
  3. Clone the Agent Settings profile attached to your cloned policy. Clone_Agent_Settings_Profile_Take_II.gif

  4. Apply the cloned profile to your cloned policy and save the changes. Change_Agent_Settings_Profile_in_Policy_Take_I.gif
  5. Change the scope of your cloned policy to include only the endpoints to be excluded by filtering for your group. Change_Policy_Scope_to_Group_Take_II.gif

  6. Configure auto-update to the target version of Cortex XDR for the original policy that contains the endpoints that will update.
--gjenkins

PS: For your upgrade tool, you can use the standalone installer to perform the upgrade. It has the instructions needed to perform the uninstallation of the old version and installation of the new one.

 

gjenkins_0-1618613277785.png

 

 

Reference: Source Documentation 

--gjenkins

L2 Linker

Hi,

 

Could you please elaborate more on the logic?

L2 Linker

Hi Gjenkins,

 

There is one more question I have that if we are upgrading the agent version via the SCCM tool (deployment tool), do we need to uninstall the old version first and then install the new version or we can upgrade on top of the old version.

 

Regards

Asif Siddiqui


@AsifSid wrote:

Hi Gjenkins,

 

There is one more question I have that if we are upgrading the agent version via the SCCM tool (deployment tool), do we need to uninstall the old version first and then install the new version or we can upgrade on top of the old version.

 

Regards

Asif Siddiqui


Hi @AsifSid,

 

An uninstall is not required to upgrade using a third-party deployment tool such as SCCM. The installation package looks for a preexisting version of the Agent and prepares to update components as required.

--gjenkins
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!