How to remove Old versions of Cortex Agent


L2 Linker

Hello everyone,

 

We're facing issues upgrading older versions of the Cortex agent on Windows endpoints — particularly versions 7.x and in some cases 8.x. These agents fail to upgrade both automatically and manually.

Requesting a cleaner for each minor version and sharing the uninstall/disable password with IT support is not only time-consuming but also raises security concerns. Things become even more complicated when using the cleaner in safe mode, where there's often no network access — requiring us to hand over the password just to disable the agent.

Is there any streamlined or supported method to remove outdated Cortex agents more efficiently, without having to go through all of these manual steps?

 

Any suggestions or best practices are greatly appreciated.

 

Thanks in advance!

1 REPLY

L4 Transporter

Hi Arman_Zaheri, 

  1. The first recommendation is to uninstall XDR agents from the XDR tenant console so you can do it in a bulk, automated manner. 
  2. For the endpoints that are not accessible, the way to uninstall them is to ask TAC support for the Agent Cleaner, and this is more of a manual way (rebooting in safe mode, etc.). They will give you the instructions on how to uninstall together with the agent cleaner executable. Instead of using the global password, you can create it at the agent profile, as per the operating system level, and set a password for every profile and assign the target endpoints to those profiles. This last password setting by profiles is a recommended good practice from PANW. 
    Please check the doc link:
    https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Manage-agent-tokens
  3. Additionally, you have token creation (temporary tokens, where you can select the maximum expiration of 21 days and which you can create per your needs and give to your sysadmins, and rolling tokens too, which are renewed automatically every 14 days by the tenant). 
  4. As a good practice, PANW recommends maintaining your endpoints with XDR agents installed on a daily basis to prevent a kind of chaos of many agents not able to communicate with the tenant, which will cause more manual operations on the endpoints with XDR agents. 
    To help reconnect non-connected agents, you can use the cytool reconnect force command to force the reconnection of lost agents.
    Please check how to use the cytool command tool at: 
    https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.2/Cortex-XDR-Agent-Administrator-Guide/Cytoo...

Feel free to click Like on the answer if this helped you.

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.

KR,

Luis
