Prevention Policy Rules Time to update?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prevention Policy Rules Time to update?

Hey,  

I've configured a Prevention Policy Rules to apply on windows endpoints which have a tag = myname.
How long should it take to apply on these endpoints ?
For example if I go to "All endpoints" in the "Assigned Prevention Policy" I still see the old policy name applied . 

How can I check locally on the endpoints  which policy applied ? is there a registry key or some endpoint log ?

1 REPLY 1

L3 Networker

Hi @Alexey_Didusenko 

Thanks for your query on LC!

The policy update should be instant or within agents next heartbeat-5mins if its applied correctly.

You can check the policy applied via cytool command -
Step 1 : Execute cytool command as follows
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" persist print agent_settings.db
Step 2 : Extract a line starting with ' Admin profiles ' Admin profiles: {"tag": ....omit....}

After step 2, it is recommended to use text editor (like visual studio code) which can format the document.

Give it a like & mark as solution if this helped your query!

Best,

  • 180 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!