After the installation of xdr 7.4.1, our domain controllers began crashing, and even after a reboot they would lock up. Has anyone had any issues with the 7.4.1 release on Windows Server 2012 R2?
Based on a Windows Dump, Microsoft reported the following:
findings- We have checked high Contention Count threads where we were able to see Palo Alto Networks driver tedrdrv.sys in the stack trace which is getting loaded at the time of issue when hang happened.
Request you to remove it to isolate the issue, and check if the issue is happening or not.
Since then, we have uninstalled 7.4.1 and reinstalled 7.4.0 and the issues went away. I have created a ticket with Palo Alto to investigate MS claim.
I have searched the forums and net but have not found any issues related to what we are experiencing. If anyone has had similar issues, please report here. I will keep this updated with new information as it arises. Thank you.
Palo Alto tech support has confirmed other cases involving AD and DC servers where performance is being affected by agent 7.4.1. Since this is a newly found bug, we are currently testing a deployed fix that occurred within the past 30 mins via our data cortex tenant. For those that are having issues, Palo Alto recommends rolling back to the 7.4.0 agent.
Content update 191-66972 is being tested on our data cortex tenant.
Will keep you posted on future updates. Thank you.
There are two ways to do the downgrade: 1) from the console, or 2) using Msiexec
The more direct approach is using Msiexec especially dealing with only a few endpoints. Here is the link on how to complete this process: https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-4/cortex-xdr-agent-admin/cortex-xdr-agent-for-...
Hi, what is currently stable version of XDR for windows file server?
I am about to install xdr on several servers (not all at once) and I am about to use new policy and profile (exploit, malware, agent blades) with all default setting. Are there any option that I should change before putting xdr into production environment?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!