
Cortex XDR Live Terminal problem


L2 Linker

Hello.

 

We have a problem with Live Terminal. When we initiate a Live Terminal session on endpoints (all endpoints have the same problem), a notification pops up (about Live Terminal), but we see an 'operation time out' error in the Cortex XDR web UI. Can anybody help with this situation?

 

Note:  We give all accesses to endpoints as mentioned in this link.

 

Thanks.


L4 Transporter

Hi OrkanAlibayli,

Please check this doc with the requirements for the Live Terminal session and make sure you are compliant with it:

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/...

 

In the following document you will see how, at step 4, you can disable the notifications to the user. Please realize that this is only available for Windows and Mac endpoints.

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/customiza...

 

I also hope that the following procedure helps: 

Procedure
To investigate and respond to security events on Windows endpoints, you can use the Live Terminal to initiate a remote connection to an endpoint.

The Cortex XDR agent facilitates the connection using a remote procedure call.
Live Terminal enables you to manage remote endpoints.
Live Terminal is supported for endpoints that meet the following requirements:

  • Traps 6.1 or a later release
  • Windows 7 SP1 or a later release
  • PowerShell 5.0 or a later release
  • Windows update patch for WinCRT (KB 2999226). To verify the hotfixes that are installed on the endpoint, run the systeminfo command from a command prompt.
  • Endpoint activity was reported within the last 90 minutes (as identified by the Last Seen time stamp in the endpoint details).

If the endpoint supports the necessary requirements, you can initiate a Live Terminal session from the Endpoints page. You can also initiate a Live Terminal as a response action from a security event. If the endpoint is inactive or does not meet the requirements, the option is disabled.

After you terminate the Live Terminal session, you also have the option to save a log of the session activity. All logged actions from the Live Terminal session are available for download as a text file report when you close the live terminal session.

 

Please don't forget to thumbs up if this answer was helpful.

KR,

Luis 
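The endpoint-side requirements from the procedure above can be checked locally with a short script. This is an added example, not code from the thread or from Palo Alto Networks; the function names New-Check and Test-LiveTerminalPrereq are hypothetical. It does not cover the agent version or the Last Seen time, which are read from the endpoint details in the console.

```powershell
# Added example (not from the thread or the vendor docs): checks the
# endpoint-side Live Terminal requirements quoted above. Written to also run
# on Windows PowerShell 2.0, so an outdated host reports a failed check
# instead of throwing an error.

function New-Check($Requirement, $Passed, $Detail) {
    # One result row per requirement; Select-Object fixes the column order.
    New-Object PSObject -Property @{
        Requirement = $Requirement; Passed = $Passed; Detail = $Detail
    } | Select-Object Requirement, Passed, Detail
}

function Test-LiveTerminalPrereq {
    $os = [Environment]::OSVersion.Version   # Windows 7 SP1 reports 6.1.7601
    $ps = $PSVersionTable.PSVersion

    New-Check 'Windows 7 SP1 or later'  ($os -ge [version]'6.1.7601') "OS version $os"
    New-Check 'PowerShell 5.0 or later' ($ps.Major -ge 5)             "PowerShell $ps"

    if ($os.Major -ge 10) {
        # Windows 10 and later include the Universal CRT in the OS itself,
        # so KB2999226 is not listed as a hotfix there.
        New-Check 'WinCRT (KB 2999226)' $true 'Universal CRT is part of the OS'
    } else {
        $kb = Get-HotFix -Id 'KB2999226' -ErrorAction SilentlyContinue
        $detail = if ($kb) { "installed $($kb.InstalledOn)" } else { 'not listed by Get-HotFix' }
        New-Check 'WinCRT (KB 2999226)' ([bool]$kb) $detail
    }
}

$checks = @(Test-LiveTerminalPrereq)
$checks | Format-Table -AutoSize

# Summarise so the result is easy to collect when run across many endpoints.
$failed = @($checks | Where-Object { -not $_.Passed })
"Failed checks: $($failed.Count)"
```

A "not listed by Get-HotFix" result on Windows 7 or 8.1 is worth confirming by hand, since Get-HotFix only reports updates that are recorded as individual hotfix entries.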

Hello Eluis,

Thanks for the answer. All the requirements above are compatible on our endpoints. But the problem is still going on.

L3 Networker

Hi @OrkanAlibayli 

 

Palo Alto Networks is currently reporting Cortex XDR - Limited Functionality in Remote Terminal Services in Americas and Europe Regions. You may subscribe to the updates to monitor the status.
