This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Policies without certificate enforcement enabled warning message

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Policies without certificate enforcement enabled warning message

Aneesh
L1 Bithead

‎02-27-2024 09:47 PM

Hi Team,

 

Recently I got a warning message in cortex saying that "Some of your endpoints have policies without Certificate Enforcement enabled". And by checking it further I could see that, this is to increase protection on the agent's communication by enforcing the use of root CA provided by Cortex (rather than on the local machine). 

 

It was in disabled state since I started using it and why it gives warning message now?

 

Can I get more clarity on this and what will be the impact if I enable this feature.

 

I am using Cortex XDR Version 3.9

 

Thanks in advance.

 

Cortex XDR 

Cortex XDR
Thumbnail of Cortex XDR
Palo Alto Networks
Cortex XDR
Security Operations
View on Product Page
3 people had this problem.
0 Likes Likes
22 REPLIES 22

Silva
L1 Bithead
In response to aspatil

‎03-05-2024 09:05 AM

Hi @aspatil thanks for your answer.

You described the changes about local and Palo Alto certificates with too much clarity upper in this post. 

However, I couldn't find these details in the Changes Features section of the Release Information, like:

  1. For at least 20 minutes, agents did not fallback to the local store
  2. At least 2 successful heartbeats in the last 20 minutes

The release note doesn't mention it, also doesn't mention several other things you said in the post here:

 

brucsilva_0-1709658030939.png

 

So where did find it?
PS: I'm new with Palo Alto and Cortex, so I'm having a little difficulty finding good and reliable information

Aneesh
L1 Bithead
In response to aspatil

‎03-05-2024 10:54 PM

Hi @aspatil,

 

Thanks for the explanation.

Could you please clarify the steps involved in 'enabled' state for better understanding.

 

Thanks in advance.

Aneesh.

0 Likes Likes

aspatil
L5 Sessionator

‎03-05-2024 11:01 PM

Hello @Aneesh ,

 

Could you confirm which steps are you asking about. The complete information has been shared with what Enable means? 

 

If you are looking for how to enable it, Please follow below instructions:

1. Endpoints-> Policy Management-> Prevention Profile

2. Edit all the Agent setting profiles and under Agent Certificate section enable it

Ashutosh Patil
0 Likes Likes

Aneesh
L1 Bithead
In response to aspatil

‎03-06-2024 12:58 AM

Hi @aspatil,

I was referring to the steps in enabled state which you have mentioned in your reply.

 

please find the below snip for your reference.

Aneesh_0-1709715236730.png

Thanks in advance.

Aneesh

 

0 Likes Likes

ScottCloster
L0 Member

‎03-13-2024 01:40 PM

Like a few here, I have no issue with the change and editing my custom Prevention profiles, but how does one edit the Default profiles to make this change? They do not appear to be editable but are associated with the risk. How do we edit those default Prevention Profiles to change the agent certificate setting? 

 

ScottCloster_0-1710362439934.png

 

0 Likes Likes

Ariq_Aziz
L2 Linker

‎03-18-2024 04:46 PM

Hi Guys,

Im also affected with those warning msgs. 

My question is, If I change the agent settings to enable. Do we have to tweak/Upload any certificates at XDR portal or in endpoints?

 

Thanks

0 Likes Likes

tlmarques
L3 Networker

‎03-19-2024 05:43 AM

In my company, we have certificates on everything (with subCA, rootCa etc), when using this, will we have problems with the certificates used in our domain, or is this just a certificate for the Agent XDR to communicate with the XDR tenant?

Best regards
Tiago Marques
0 Likes Likes

EricNO312
L0 Member

‎08-19-2024 12:57 PM

Hi Everyone,

 

To get the warning to go away, you have to assign the default "Policy Rule" Windows Default and macOS Default an "Agent Settings" profile that does not have the Disabled (Notify) setting enabled.

 

Thanks,
Eric

0 Likes Likes
  • 7499 Views
  • 22 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks