Update - Cortex XDR support for macOS 13 Ventura

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Update - Cortex XDR support for macOS 13 Ventura

L0 Member

We have some Macs updated with the latest version of OSX 13 Ventura, after the update, the Cortex XDR agent stopped working, now it's asking for permission to access the disk, but this option is no longer present in Security and Privacy in the System's Preferences as it was before.
We follow the installation tutorial according to the knowledge base, but without success so far, I look forward to returning and thanks.


L0 Member

Make sure Cortex is running the latest version per the info below.  Then see info at very bottom!

Dear customer,


As previously communicated we have released support for macOS 13 Ventura upon its release date. Due to changes made on the official macOS 13 ventura release, we would like to draw your attention to the fact that upgrading the operating system while using an agent version prior to the ones listed below may lead to disabled mode. We are working on a new content update aimed at preventing agents from going into this state.

We strongly recommend that you first upgrade the agent to one of the compatible versions listed below and only then upgrade the operating system.


Agent builds:



Look for TrapsSecurityExtension under Full Disk Access, select it and click the - sign at the bottom to remove it.  Click Check in Now on your agent and the TrapsSecurityExtension will reappear.  Select the button/slider to give it full disk access.  Click Check in Now on your agent and it should be working.

Best of luck!  This worked for me.


L0 Member

As of today recording to this MacOS 13 not supported yet. https://docs.paloaltonetworks.com/compatibility-matrix/cortex-xdr/where-can-i-install-the-cortex-xdr... 


This worked for me. Thank you! 

L0 Member

This worked for me too, Thank you!

L0 Member

On some Macs, this worked as I posted it, but on others, there were full disk access issues that required us to uninstall/reinstall Cortex.

L0 Member

Good afternoon gentlemen, even after installing cortex, the popup does not appear to allow you to monitor the network, is there anything else needed even if you are on the latest version?



L0 Member

Same questions here, I have some clients that XDR seems to work with when deployed with Jamf using the Palo provided security extension. But others do not. Now working with Ventura 13.2 and XDR 7.8.1 on M1. If I disable the XDR security extension I see pmd appear in Full Disk access. If I re-enable the extension after allowing pmd, and having the TrapSecurityExtension allowed, I still get a 307 error trying to connect.


I have now tested an M1 on both Monterey 12.6.3 and Ventura 13.2. Both produce 307 codes.

I created a new client download and things started working. Not sure why the previous one suddenly just stopped working.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!