Uninstalling Cortex XDR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Uninstalling Cortex XDR

L0 Member

Hi All

 

I recently installed Microsoft teams at home to connect to work based meetings.  It installed two additional software packages namely a vpn network as well as cortex xdr.  I wish to uninstall cortex xdr as it is on my home computer however i do not have access to the password as tamper protection stops me from uninstalling.


Can anyone please assist me in what to do.

 

 

 

3 REPLIES 3

Community Team Member

Hi @chaosza1543 ,

 

Did you try disabling the anti-tampering with the cytool command ? "cytool protect disable" "

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/7.7/Cortex-XDR-Agent-Administrator-Guide/Cytoo...

 

You can try with the default password : Password1

If that doesn't work then you'll need to contact your XDR tenant admin to have it removed as they should know the password or you can contact support.

 

Similar discussion on the same topic:

https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-uninstall-without-password-an...

https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/anti-tamper-protection-preventing-uninst...

https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-7-2-0-63060-and-7-5-0-36150-canno...

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

@chaosza1543,

Your administrator(s) likely enforces enrollment of the device and is forcing every enrolled device to get the VPN, maybe Teams, and have the Cortex XDR agent installed to access company resources on a BYOD endpoint. This isn't really an abnormal configuration or requirement across many different companies.

As @kiwi mentioned you can try the default password, just be aware that if your company is enforcing these things to access company resources you may break your access or otherwise be violating company policy. Chances are, if you ask about this you'll be forced to remove all company resources from the machine to remove Cortex XDR.

 

It's also possible that your admins aren't expecting anyone to enroll the device and they don't have policies scoped properly to prevent the installation of required applications. I wouldn't be shocked to see a smaller company encounter these sort of issues if they won't expecting anyone to use Teams on a personal device or enroll a non-work endpoint. 

L2 Linker

You can ask you admin to remotely uninstall it or generate a temp admin token for you so that you can remove the agent. 

  • 2143 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!