Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-18-2020 10:22 AM
Would anyone happen to have an example of a powershell script that'll assist in removing the XDR agent? Thanks ahead of time.
09-22-2020 08:45 PM - edited 10-07-2020 06:27 AM
One option would be to request the XDR Cleaner Tool from support and use:
REM to disable agent protect and remove agent with XDRAgentcleaner
@echo off
echo Password123|"%ProgramFiles%\Palo Alto Networks\Traps\cytool.exe" protect disable
REM use xdrcleaner note the password is in clear txt
xdragentcleaner.exe --silient --password Password123 --log c:\remove.log
09-22-2020 08:45 PM - edited 10-07-2020 06:27 AM
One option would be to request the XDR Cleaner Tool from support and use:
REM to disable agent protect and remove agent with XDRAgentcleaner
@echo off
echo Password123|"%ProgramFiles%\Palo Alto Networks\Traps\cytool.exe" protect disable
REM use xdrcleaner note the password is in clear txt
xdragentcleaner.exe --silient --password Password123 --log c:\remove.log
11-19-2020 03:09 AM
Most Anti virus has an anti tamper password. Call the vendor if it's not working. There's probably registry keys and possibly other system files to hook the kernel.
02-12-2021 11:27 AM
Hi folks,
Could you help me plaease to know how can i create a bat script to execute Cortex Agent cleaner with anti tampering password to remove cortex agents?
I have to use bat because powershell is prohibited
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
