06-19-2026 01:05 PM
After automatic upgrade is performed an endpoint now is disconnected with this message:
XDR Agent failed to upgrade from version 9.1.0.20483 to version 9.2.0.120 on 79433PC with error: The content package was faulty or could not be downloaded.
Is there a way to reconnect it to XDR console?
06-22-2026 09:22 AM
Hello @omonroy502642 ,
Greetings for the day.
The error message "The content package was faulty or could not be downloaded" typically indicates a failure during the download phase of the agent update process, often caused by network interruptions, SSL decryption interference, or a corrupted local package state. Since the endpoint is currently disconnected, reconnection must be initiated from the endpoint side using local administrative tools.
If the agent is in a Disconnected state following the failed upgrade, follow these steps on the affected Windows endpoint to clear the corrupted state and force a reconnection:
"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" runtime stop"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" runtime queryrmdir /q /s "C:\ProgramData\Cyvera\LocalSystem\Persistence\content_settings.db"del /q /s "C:\ProgramData\Cyvera\LocalSystem\Download\*""C:\Program Files\Palo Alto Networks\Traps\cytool.exe" runtime start"C:\Program Files\Palo Alto Networks\Traps\cytool.exe" checkinIf the local recovery does not resolve the issue, or if multiple endpoints are affected, verify that your network security infrastructure is not blocking the required resources.
URL Whitelisting
Ensure the following URL is allowed through your firewall or secure web gateway:
panw-xdr-installers-prod-us.storage.googleapis.comSSL Decryption Exclusions
Add the following domains to your SSL decryption exclusion list:
*.traps.paloaltonetworks.com*.xdr.<region>.paloaltonetworks.companw-xdr-installers-prod-us.storage.googleapis.comglobal-content-profiles-policy.storage.googleapis.comPending Reboot
A pending reboot from a previous installation attempt can cause this error. Perform a standard OS reboot and monitor the agent's connection status afterward.
Corrupted Installation (Last Resort)
If the agent remains disconnected or the installation is corrupted, use the Cortex XDR Cleaner utility to completely remove the agent and then perform a fresh installation of the required agent version.
The cleaner utility is typically located at:
C:\Program Files\Palo Alto Networks\Cortex XDR Health Helper\XdrAgentCleaner\XdrAgentCleaner.exeIf the issue persists after completing the above steps, it is recommended to open a support case with Palo Alto Networks Support. The support team can provide the latest version of the cleaner utility, review the agent logs, and perform a deeper analysis to identify the root cause of the content download failure and disconnection issue.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".
Thanks & Regards,
S. Subashkar Sekar
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
