Partially protected


L0 Member

Hello everyone, I'm having issues with my Cortex XDR agent. The operational status is partially protected, with the following details:
1. The OS I'm using is Ubuntu 24.04.0
2. I'm using the latest agent installer, version 9.2.0.119
3. The operational status details generally state that the Linux kernel cannot be loaded.

Is there a solution I can try, or has anyone else experienced something similar before?

1 REPLY 1

L5 Sessionator

Hello @E.Istanto,

Greetings for the day and thanks for attaching the snapshot.


The "Partially Protected" status on Ubuntu 24.04 with a "Linux kernel cannot be loaded" error typically indicates that the Cortex XDR kernel module (KM) is either blocked from loading by the operating system or is incompatible with the installed kernel version. Ubuntu 24.04 x86_64 is supported starting with Cortex XDR Agent version 9.2.

 

(Common Causes and Solutions)

 

1. UEFI Secure Boot Block:

The most common cause on Ubuntu 24.04 is Secure Boot being enabled without the Palo Alto Networks kernel module signing certificate being enrolled in the system's Machine Owner Key (MOK) database.

Verify Secure Boot Status

Run the following command:

mokutil --sb-state

If the output shows "SecureBoot enabled", enroll the PANW certificate.

Locate the Certificate:

Replace [distro] with the appropriate directory (for example, ubuntu24):

ls -l /opt/traps/download/content/km/modules/[distro]/xdr_kernel_cert.der

Import the Certificate:

sudo mokutil --import /opt/traps/download/content/km/modules/[distro]/xdr_kernel_cert.der

Set a temporary password, reboot the system, and follow the UEFI prompts to Enroll MOK using the password you created.

2. Unsupported Kernel Version:

Ubuntu 24.04 uses newer 6.x kernels (for example, 6.8.x). If the specific kernel version is not yet supported by the installed content package, the kernel module may fail to load.

Workaround: Switch to User Space Mode:

User Space mode (eBPF-based) does not require a kernel module for most protections.

  1. Navigate to:

    Endpoints → Policy Management → Agent Settings Profiles

  2. Edit the profile assigned to the Ubuntu 24.04 endpoint.
  3. Change Agent Operation Mode to User Space.
  4. Save the profile and wait for the agent to heartbeat and apply the change.

3. Kernel Module Load Lock

The agent may create a .load_lock file after repeated ungraceful shutdowns to prevent further kernel module loading.

Clear the Lock:

sudo /opt/traps/bin/cytool runtime stop all
sudo rm /opt/traps/km_utils/.load_lock
sudo /opt/traps/bin/cytool runtime start all

On some Ubuntu versions, the lock file may instead reside at:

/etc/traps/km/.load_lock

(Verification)

After applying the above steps, verify the agent status:

sudo /opt/traps/bin/cytool status

Look for one of the following statuses:
  • Kernel Module is Loaded
  • Bpf is Running

These indicate that endpoint protection has been successfully enabled.

 

 

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".

 

Thanks & Regards,
S. Subashkar Sekar
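
A read-only triage of the three causes listed in the reply above, as an added example that is not part of the original post and is not Palo Alto Networks tooling. It uses only the paths and the mokutil --sb-state command quoted there; the function names are hypothetical, and it changes nothing on the endpoint.

```shell
#!/bin/sh
# Added triage sketch (not Palo Alto Networks tooling). Paths and commands are
# the ones quoted in the reply; function names are hypothetical.
KM_MODULES=opt/traps/download/content/km/modules
LOCK_PATHS="opt/traps/km_utils/.load_lock etc/traps/km/.load_lock"

# Map the text printed by `mokutil --sb-state` to enabled/disabled/unknown.
sb_state() {
    case "$1" in
        *"SecureBoot enabled"*)  echo enabled ;;
        *"SecureBoot disabled"*) echo disabled ;;
        *)                       echo unknown ;;
    esac
}

# Print every xdr_kernel_cert.der found under <root>, one per line.
find_certs() {
    for cert in "$1"/$KM_MODULES/*/xdr_kernel_cert.der; do
        if [ -f "$cert" ]; then echo "$cert"; fi
    done
}

# Print every .load_lock present under <root> (both locations from the reply).
find_locks() {
    for rel in $LOCK_PATHS; do
        if [ -e "$1/$rel" ]; then echo "$1/$rel"; fi
    done
}

# triage <root> <mokutil --sb-state output>: one finding per line.
triage() {
    state=$(sb_state "$2")
    echo "secure-boot: $state"
    if [ "$state" = enabled ]; then
        certs=$(find_certs "$1")
        if [ -n "$certs" ]; then
            echo "$certs" | sed 's/^/mok-candidate: /'
        else
            echo "mok-candidate: none found"
        fi
    fi
    find_locks "$1" | sed 's/^/load-lock: /'
    echo "kernel: $(uname -r)"
}

# Live run against the real filesystem: sh triage.sh run
if [ "${1:-}" = run ]; then
    triage "" "$(mokutil --sb-state 2>&1 || true)"
fi
```

A mok-candidate line means Secure Boot is on and a certificate is available to enroll (cause 1), a load-lock line points at cause 3, and the kernel line is the version to compare against what the installed content package supports (cause 2).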
