This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Operational status unprotected with error message running without valid content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Operational status unprotected with error message running without valid content

Shashanksinha
L3 Networker

‎10-27-2022 12:24 AM

Related to Cortex XDR

we are observing operational status as unprotected for some endpoints and the error says running without valid content.
But at the same time we also observed some of the agents running on the the latest agent version also having this error(running without valid content) .
How do get the hosts in protected operational status in both cases one which is not upgraded to the latest agent version and one which with upgraded to latest version but still running without valid content

0 Likes Likes
2 REPLIES 2

creddy
L3 Networker

‎10-31-2022 08:05 PM

Hi @Shashanksinha 

The first and foremost requirement for agent is content updates which can be downloaded from XDR cloud resources. Please check with the network administration team to allow the URLs required to be whitelisted to enable access to Cortex XDR resources as listed here to download content.

If the above access in already place, look at the corresponding Content Version column field of the endpoint in Endpoints section under Cortex XDR console. It should be an empty field. This happens when an EOL (End-of-Life) agent is installed on the endpoint. An EOL agent will not receive any content updates. Get those endpoints upgraded to the latest version of Cortex XDR agent via Action Center or other methods as is used in your organization.

I hope that answers your query.
If these answers are helpful, mark this post as answer.

Thank you!

0 Likes Likes

bbarmanroy
L5 Sessionator

‎11-01-2022 01:38 AM

@Shashanksinha Assuming all endpoints have network access to Cortex XDR, this appears to be an issue with an endpoint DB potentially corrupted.
My recommendation is that for those endpoints which are running on latest version but yet without CU, try uninstalling and reinstalling the agent to see if the problem disappears. It is imperative to get those endpoints with a valid CU to ensure there is an adequate level of protection in place.

 

 

 

 

0 Likes Likes
  • 1689 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks