08-24-2023 02:10 AM
Hi,
We've a problem with installation cortex xdr 8.1 on Windows Server 2008/2012 and Windows10_v1607....
All machine need the AZURE update https://support.microsoft.com/en-us/topic/kb5022661-windows-support-for-the-azure-code-signing-progr...
We read the documentation, try install updates but errors every time. update failed installation, etc...
We try install SSU and ESU but same...
Does anyone know if there's any version of cortex that doesn't require this KB, and permit install the agent and then I would force the upgrade to version 8.1.
08-24-2023 02:48 AM
We try install version 7.9.0.20664 and works...
the question is, as i'm having problems with the updates of these machines and still waiting for the operating system to migrate, it would be better to put these machines in a policy with agent updates off right? or I can try to migrate to the 8.1 version of the agent?
08-24-2023 03:34 AM
Hello Tiago,
Thank you for reaching out to the Live Community. Please allow me to address your questions.
Windows Server 2008 R2 SP1 doesn't support 8.0 & 8.1, hence you cannot force upgrade it.
Regarding Server 2012 and Windows 10, from March 2023 Microsoft is asking Security Vendor to have the ASC update must, hence all the versions after 7.9 requires ASC.
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Windows
I would suggest checking with Microsoft Support and get the updates installed. If updates are installed correctly as per the document, please check with TAC support and get the agent updated.
Please mark the response as "Accept as Solution" if it answers your query.
08-24-2023 06:50 AM
Hi @tlmarques ,
Thank you for your contribution with the query on Livecommunity!
Technically, these machines unless migrated to a new OS or purchased with ESU to support ACS patches will not be able to get any upgrades with agent versions released post February, 2023. As of now, the last supported release for these OSs without the Azure code signing patch is 7.9.1.
However, considering the fact that 7.9.x release(except the 7.9.100, known as CE version) will go end of life on 11th September, 2023, and also assuming you will not be able to upgrade the OSs to a new supported release until the aforementioned date, the only agent version supported as of now would be 7.5.101, known as 7.5CE version. Please note that even with agent upgrades enabled, we will not be able to move to a latest supported agent version as they would continue to fail to upgrade. As a result, you can exclude these endpoints from auto-upgrade.
Yes, there will be some loss of new capabilities and functionalities you have with 7.9 as of now, you will be able to stretch your endpoint decommissioning or OS migration plans until 6th March, 2024. However, that would be the end of line for the support for these outdated OS versions.
We have some solved live community articles on the lines of the same which could come in handy for your reference:
Hope this helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
