Laptop with CortexXDR installed from a bankrupt company

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Laptop with CortexXDR installed from a bankrupt company

L0 Member

Hi,

 

I've got a laptop from a previous employer who is in final stages of bankruptcy.  I'm blocked from internet access once I was layed off based on policies in Cortex, I was curious at some point once the company is completely dissolved would the policies no longer be enforced.  The reason I ask is when I go into the Cortex console it shows that it's connected to a particular url which mentions my previous company, wasn't sure if they pay for support of these policies.

2 REPLIES 2

Community Team Member

Hi @ArtWhite ,

 

Cortex XDR licenses are valid for the period of time associated with the license purchase. After the Cortex XDR license expires, Cortex XDR allows access to your tenant for an additional grace period of 48 hours. After the 48-hour grace period, Cortex XDR disables access to the Cortex XDR app until you renew the license.

 

For the first 30 days of your expired license, Cortex XDR continues to protect your endpoints and/or network and retains data in the Data Layer according to your data retention policy and licensing. After 30 days, the tenant is decommissioned and agent prevention capabilities cease.

 

More info on XDR license:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Cortex-XDR-...

 

Alternatively you could also uninstall the agent:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.9/Cortex-XDR-Agent-Administrator-Guide/Unins...

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

@ArtWhite,

If uninstall protection is enabled this doesn't turn off with the decommissioning of a tenant from my experience, it just becomes locked to whatever setting was present and the agent actually continues to be updated even though there's no tenant on the backend.

Assuming that you have access to the machine, I'd just reimage the thing at this point and be done with it. Unlikely that your past company will/can issue an uninstall to the endpoint. I'd also be really careful about using an endpoint that isn't cleared to be utilized, or wiping a machine owned by a company without explicit permission. If the company is going through bankruptcy IT assets will likely be sold off and liquidated as part of the proceedings. 

  • 597 Views
  • 2 replies
  • 0 Likes
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!