Showing results for 
Show  only  | Search instead for 
Did you mean: 


L1 Bithead

Cortex-XDR agent rollback feature not available, its recommended for  deployment in large network.

Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.

L5 Sessionator

Hi @Vishwasamudra what would be the reason for a rollback? My recommendation is to first deploy a new version of an agent on a set of UAT servers. Upon UAT validation, you can proceed to deploy on a wider set of endpoints. Irrespective of deployment sizes, this should be the process to ensure operational stability.

This could not be a solution its one of the deployment practice/method in production environment. what are the reasons to add agent rollback feature. other end point protection have providing why cant they. 

Hi @Vishwasamudra it is not clear why you'd want to perform a rollback. Is it because of performance issues? If so, it'd be prudent to roll out a new version on UAT before production deployment. This would help identify any issues in UAT, work with support to fix the issue and proceed to production.

Secondly, a rollback exposes the endpoints to known issues that were discovered and documented on older versions. This is not an ideal solution. 

Thirdly, a rollback is not a long-term solution as the organization would still need to push an upgrade to ensure the agents do not reach EoL. Once an agent reaches EoL, it stops receiving Content Updates and exposes an endpoint to known vulnerabilities, which are detected/prevented by Content Updates.

Fourthly, a rollback to an older version removes the capability of the agent to have additional security modules which were introduced in newer versions.

Finally, a rollback is a last resort - which can be managed with software inventory tools like SCCM, Intune etc.


I look forward to hearing your points on the need for rollback and why my recommendations do not fit your need as a best practice.



Solution from Polo alto on end point security..

Cortex-XDR not provided auto upgrade with desired version for large scale of networks ( mostly 500 to 1000 systems)

auto upgrade will take latest patch what released soon...

Todays life every thing going to IOT/automation with less man power.

If my XDR profile set to auto update, need provision agent rollback with N+1.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!