Cortex XDR installed on personal computer which was used for work more than 5 years ago

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XDR installed on personal computer which was used for work more than 5 years ago

L0 Member

Hi,

 

Hi have this personal computer which I used for work several years ago (5). I started working for another company and stopped using this computer for work stuff.

 

Recently, about a year ago, I started using it again for all kind of things (streaming, tech stuff, gaming, etc.), and a new application has shown up which wasn't installed before (!), preventing me from doing certain things: Cortex XDR.

 

I suspect my computer wasn't removed from that Company's inventory, and I didn't take proper measures to remove any corporate configuration. I tried uninstalling it, but it's telling me there's some Anti-Tampering thing preventing me from uninstalling. I can tell the support staff which company it is, but it's been sold to another company few years ago.

 

How can I uninstall this new application Cortex XDR from my personal computer? Version is 7.3.1.

 

Thanks in advance!



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
3 REPLIES 3

L3 Networker

Hi @Bernat 

You cannot un-install Cortex XDR, if your old company enabled Anti-tamper protection and if you dont know uninstall password.

You can try with Password1 . This is default password but we are highly recommending to change this password and most probably, Your old company is not using this password anymore. You can reach out them to learn password. 

 i saw your agent 7.3. this is unsupported version and not supporting token based one time uninstall password which means that you need general or policy based uninstall password. 

 

You can open TAC ticket to get xdrcleaner.exe but since you dont have active support contract, maybe your old company open a ticket for you.

 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Unins...

Hi @etugriceri and thanks for your response.

I tried with Password01 but it didn't work (thank godness for whoever installed it, but bad news for me). However, I've been able to get the hash and salt from the current installation.

I'll try opening a TAC ticket, can you provide a link for that? I wonder if I'm breaking any laws by having a licensed application by a 3rd company installed in a personal laptop 😅.

Hopefully, I can get full control of my PC without having to reinstall everything.

Best regards.

Cyber Elite
Cyber Elite

It is possible to remove XDR without knowing uninstall password but you need to boot into Safe mode, clean up some registry entries and at the end run Traps removal tool (XDR was called Traps back in a day).

 

TAC will provide you steps and Traps removal tool (maybe it has been renamed by now...).

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 3392 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!