11-28-2024 01:20 AM
Hey,
I've configured a Prevention Policy Rules to apply on windows endpoints which have a tag = myname.
How long should it take to apply on these endpoints ?
For example if I go to "All endpoints" in the "Assigned Prevention Policy" I still see the old policy name applied .
How can I check locally on the endpoints which policy applied ? is there a registry key or some endpoint log ?
12-03-2024 01:30 AM
Hi @Alexey_Didusenko
Thanks for your query on LC!
The policy update should be instant or within agents next heartbeat-5mins if its applied correctly.
You can check the policy applied via cytool command -
Step 1 : Execute cytool command as follows
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" persist print agent_settings.db
Step 2 : Extract a line starting with ' Admin profiles ' Admin profiles: {"tag": ....omit....}
After step 2, it is recommended to use text editor (like visual studio code) which can format the document.
Give it a like & mark as solution if this helped your query!
Best,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
