This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex XDR service getting stoppage on machines

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR service getting stoppage on machines

VineethArumulla
L1 Bithead

‎02-03-2023 02:26 AM

why the Monitoring agent service getting stopped on Hosts. When we checked the logs of some machines we got this error " XDR service cyserver was stopped on ABCDdesktop. Could you please explain 

2 people had this problem.
0 Likes Likes
2 REPLIES 2

neelrohit
L5 Sessionator

‎02-03-2023 02:51 AM

Hi @VineethArumulla ,

 

Since this is a public forum for discussion, it would be difficult to answer and investigate. Request you to kindly open a support case with our technical team with support files for investigation and fix(if any).

 

Not sure where did you check the logs, however, if it was in the agent audit logs, it is also possible that Cortex XDR sends this audit log when endpoints are powered off. When the endpoint is shutdown, then the agent service stops and hence the XDR sends this in form on an agent audit log. However, if you see this happening for the endpoints and then you don't get a start service from the same endpoint for some defined number of days that can be an anomaly in your environment, then you should also investigate on the endpoint level to see if there is some issue.

Screenshot 2023-02-03 at 6.48.22 PM.png

 

 

Hope this helps!

 

Please mark the response as  "Accept as Solution" if it answers your query.

 

Regards

0 Likes Likes

dgagnon
L1 Bithead

‎02-15-2023 08:08 AM

I noticed a similar trend with systems in our environment. When looking at the logs of a specific endpoint and the comparing activity of others, the cyserver service gets stopped when Cortex XDR performs a policy update. These two events are usually within 1 minute of each other. If you did open a ticket, I'm sure others here would like to know what the official resolution was to the question.

0 Likes Likes
  • 2952 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks