11-24-2023 10:51 AM
Hello dear community,
to install new agents can be risky. So there is a great delay setting. But I do not know which version will be installed when and on which agent. Because there is also no published date etc. of a version.
Yes you can exclude and include a agent from upgrade. Yes there are last ... coloumns. But I need it for future upgrades.
If you know a solution, let me know.
Otherwise feel free to send this link to your support for a feature request.
BR
Rob
11-27-2023 02:03 PM - edited 11-27-2023 02:04 PM
Hi RFeyertag,
We recommend enabling automatic version updates on low impact systems (desktop/laptops) and enable automatic version on the longer standing release and minor updates for non-critical servers. However, many customers implement the n-1 strategy, either is configurable in the Agent Settings Profile (step 15)
Select the Automatic Upgrade Scope:
Latest agent release
One release before the latest one
Only maintenance release
Only maintenance release in a specific version
If you choose One release before the latest one, Cortex XDR upgrades the agent to the previous release before the latest, including maintenance releases.
FYI The release schedule for Cortex XDR Agent (Agent Software Updates) feature releases is approximately three times a year; maintenance release every 6-8 weeks.
Cortex XDR Agent Critical Environment Versions are designed for sensitive and highly regulated environments and do not contain all updates and content existing in the standard version. Only critical and high severity bug fixes are applied to CE versions. Therefore, it is recommended to restrict the use of these versions to the required minimum. An example where CE version could be used is domain controllers.
You may reference the End-of-Life Summary - Palo Alto Networks as well to stay abreast on agent version EOL dates.
If you found this answer helpful please select Accept as Solution.
Thank you!
12-05-2023 01:49 PM
Sorry this isn't very helpful for me. I know the mecanism and we have set all fully automatic upgrades (except terminal server --> non function available).
But there are still issues with upgrades like you cross a pulled back upgrade and should get a hotfixed on. I would like to handle this by myself which upgrade will be installed. Imagine we could have stop the automatic rollout to Version 1.0 and decided to rollout bugfixed Version 1.1. This is a huge mess and lets me think about to expand the delay days to 14 because there are and were issues with the agent versions.
BR
Rob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
