Problems installing Cortex XDR to a user

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Problems installing Cortex XDR to a user

L0 Member

Hello Palo Alto Team.

 

When installing Cortex XDR on a user, we must disable Windows Anti-Tampering, due to the following error:

 

irissentinel_0-1637154458742.png

 

If Windows Anti-Tampering is disabled, we still have installation problems.

 

irissentinel_2-1637154670760.png

 

Operating system name: Microsoft Windows 10 Pro

 

Operating system version: 10.0.19042 N/D Compilación 19042

 

3 REPLIES 3

L3 Networker

I see that as well on a handful of assets as well. I spoke to the tac on this and they basically said to either un-install or run the cleaner.

you can also try to use cytool to disable

 
cytool protect disable process
cytool protect disable Registry
cytool protect disable file
cytool protect disable service
 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/5-0/cortex-xdr-agent-admin/traps-agent-for-windo...

 

Having said that I always see this on a handful of assets, and find it is just quicker to either uninstall the old version then re-install.

would be nice to know why this is happening. 

Hello.

I have tried uninstalling and running the cleaner. Also with the cytool tool to disable.
this is the error that appears when reinstalling the new version.

 

MicrosoftTeams-image (1).png

 

L3 Networker

Hi @irissentinel

 

As @PeteJacobCF mentioned, you first need to disable the Agent Tampering protections. 

 

You need to open CMD in admin mode, cd to "c:\program files\Palo Alto Networks\Traps\", then type "cytool protect disable". You will need to enter the Supervisor/Uninstall password. All protections are disabled. Now you can continue with uninstall/install process.

  • 5089 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!