Laptop with CortexXDR installed from a bankrupt company


L0 Member

Hi,

 

I've got a laptop from a previous employer who is in the final stages of bankruptcy. I was blocked from internet access once I was laid off, based on policies in Cortex. I was curious whether, at some point once the company is completely dissolved, the policies would no longer be enforced. The reason I ask is that when I go into the Cortex console it shows that it's connected to a particular URL which mentions my previous company; I wasn't sure if they pay for support of these policies.


Community Team Member

Hi @ArtWhite ,

 

Cortex XDR licenses are valid for the period of time associated with the license purchase. After the Cortex XDR license expires, Cortex XDR allows access to your tenant for an additional grace period of 48 hours. After the 48-hour grace period, Cortex XDR disables access to the Cortex XDR app until you renew the license.

 

For the first 30 days of your expired license, Cortex XDR continues to protect your endpoints and/or network and retains data in the Data Layer according to your data retention policy and licensing. After 30 days, the tenant is decommissioned and agent prevention capabilities cease.

 

More info on XDR license:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Cortex-XDR-...

 

Alternatively you could also uninstall the agent:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Unins...

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi

Cyber Elite

@ArtWhite,

If uninstall protection is enabled, this doesn't turn off with the decommissioning of a tenant, from my experience; it just becomes locked to whatever setting was present, and the agent actually continues to be updated even though there's no tenant on the backend.

Assuming that you have access to the machine, I'd just reimage the thing at this point and be done with it. It's unlikely that your past company will/can issue an uninstall to the endpoint. I'd also be really careful about using an endpoint that isn't cleared to be utilized, or wiping a machine owned by a company without explicit permission. If the company is going through bankruptcy, IT assets will likely be sold off and liquidated as part of the proceedings.
