Cortex Xdr Partial protected (7.4)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex Xdr Partial protected (7.4)

L0 Member

Hi everyone , 

we have a problem with some of our linux servers ,
the status is partial Protected ,

  • the secure boot is disabled
  • the kernel supported
  • the policy is the same on all servers (also those with status 'protected')

the only thing that i find is the ited proccess stopped ,

is that can cause the isse?
also cant start the Ited by cmd , while try to start get an error "Incorrect parameter for runtime subcommand"

 

Any idea will be appreciated

chaim_Avisrur_0-1642512485745.png

Cortex XDR 

2 REPLIES 2

L5 Sessionator

Hi @chaim_Avisrur Please try the following steps in sequence:

Step 1

You can stop XDR agent and start it with the following commands:

1. cytool runtime stop

2. cytool runtime start

If it fails, try step 2.

 

Step 2

Check if the problem persists after a reboot

If this fails, try step 3.

 

Step 3

Create a support ticket and upload the support logs. You can collect support logs by referring to the documentation here

L2 Linker

Hi @chaim_Avisrur,

 

Just to verify as well, any of the criteria on this guide are met? even after the runtime stop/start command provided by @bbarmanroy 

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/monitoring/monitor-agent-op...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!