Hi @Piotr_Kowalczyk ,
Thank you for writing to live community!
In your previous discussion query, one of the responses mentioned that Azure Code Signing is a must patch for all Windows Endpoints to be able to install Cortex XDR agents released after February, 2023.
Since 7.9 CE is an agent version which was released in March, 2023, qualifies to have Azure Code signing patch on the endpoint. Because this is related question for the same, I am also adding some context to visualise and make sure which endpoints in your environment have Azure Code signing patch installed, Palo Alto Networks has provided a script in the script library to allow testing on endpoints to see if Azure Code signing is installed and if endpoint supports ACS signatures. If the result gives the output of "False", it implies the endpoint does not have Azure Code Signing Patch and ay agent version released post February, 2023 cannot be installed on the endpoint. The output comes in both report format and detailed format and you can check the list of endpoints out of the same to ensure they have ACS to allow installation for the mentioned CE version.
Also in your case as we have seen in previous discussions, if ACS installation is a challenge, though it is not recommended, however, as a last mile resort, you can revert to the option to install 7.5CE. True that you will lose functionalities and new capabilities included with 7.9 or 7.9CE(let alone 8.1.x which is the latest), you can get EoL till March, 2024 as a reference Window. However, you cannot downgrade to 7.5CE and you will have to reinstall the agents with the CE version till the time patching is not fixed.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
Thank you for writing to live community!
This was expected as shared in other LC Post https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-convert-cortex-xdr-agent-to-criti... for new Cortex XDR agent versions, released from March are required to have a specific Microsoft Windows patch, in order to install successfully.
And in this case seems your server didn't had ACS patch due to which installation failed, sharing again this MS doc which shares specific patch number required per operating system build. Therefore verify/install the relevant patch on your server to support ACS before upgrading/installing to 7.9CE Cortex XDR agent version.
Additionally we also have script in XDR to check/validate if endpoint/server have patch for Azure Code Signing.
Navigate to Incident Response -> Action Center -> New Action -> Run Endpoint Script -> test_acs
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
Hi @Piotr_Kowalczyk ,
Thank you for writing to live community!
In your previous discussion query, one of the responses mentioned that Azure Code Signing is a must patch for all Windows Endpoints to be able to install Cortex XDR agents released after February, 2023.
Since 7.9 CE is an agent version which was released in March, 2023, qualifies to have Azure Code signing patch on the endpoint. Because this is related question for the same, I am also adding some context to visualise and make sure which endpoints in your environment have Azure Code signing patch installed, Palo Alto Networks has provided a script in the script library to allow testing on endpoints to see if Azure Code signing is installed and if endpoint supports ACS signatures. If the result gives the output of "False", it implies the endpoint does not have Azure Code Signing Patch and ay agent version released post February, 2023 cannot be installed on the endpoint. The output comes in both report format and detailed format and you can check the list of endpoints out of the same to ensure they have ACS to allow installation for the mentioned CE version.
Also in your case as we have seen in previous discussions, if ACS installation is a challenge, though it is not recommended, however, as a last mile resort, you can revert to the option to install 7.5CE. True that you will lose functionalities and new capabilities included with 7.9 or 7.9CE(let alone 8.1.x which is the latest), you can get EoL till March, 2024 as a reference Window. However, you cannot downgrade to 7.5CE and you will have to reinstall the agents with the CE version till the time patching is not fixed.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
