Use Case and Purpose of xdrhealth.exe

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Use Case and Purpose of xdrhealth.exe

L3 Networker

Recently i have noticed that there is another folder which has been created under PA Cortex folder as below:

 

"C:\Program Files\Palo Alto Networks\Cortex XDR Health Helper"

 

Inside the Folder there is PE which is xdrhealth.exe, what is the purpose of this EXE? Is there any documentation which can be used for understanding its purpose. From the name it seems to be something to do with health checks up for the XDR services on the local system and report to cloud console but it would be beneficial to understand the purpose.

 

Thank you

Kind Regards
KS
6 REPLIES 6

L1 Bithead

We are seeing also a new Service with Name "Cortex XDR Health helper" which is set to Automatic but not started.

This causes Issues with our Monitoring. Not sure if this service runs only from time to time and what is the purpose of that Service.

(Even a restart of the Device, doesn't start the Service.)

Seems to be something new with Agent 7.7.0.

Following this thread. I am seeing this also when investigating the trapsd
logs.
Let's have a seat and talk for a while.

L1 Bithead

L0 Member

Here are some additional infos about the behaviour of Cortex XDR Health Helper Service: Cortex XDR Health Helper service does not start after upgrade t... - Knowledge Base - Palo Alto Netw...

L0 Member

Does anyone know how to exclude this alert in the Windows Server Manager / Service Health Status?
It's really annoying that XDR Health Service is the only Service on our Servers that produces these "red flags"...

Just found that. May help, didn't test/check Windows Server 2012 Server Manger Ignore Services? (microsoft.com)
If someone has a solution to set this with gpo would be apreciated.

  • 10216 Views
  • 6 replies
  • 5 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!