Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
Hi @Piotr_Kowalczyk ,
Thank you for writing to live community!
In your previous discussion query, one of the responses mentioned that Azure Code Signing is a must patch for all Windows Endpoints to be able to install Cortex XDR agents released after February, 2023.
Since 7.9 CE is an agent version which was released in March, 2023, qualifies to have Azure Code signing patch on the endpoint. Because this is related question for the same, I am also adding some context to visualise and make sure which endpoints in your environment have Azure Code signing patch installed, Palo Alto Networks has provided a script in the script library to allow testing on endpoints to see if Azure Code signing is installed and if endpoint supports ACS signatures. If the result gives the output of "False", it implies the endpoint does not have Azure Code Signing Patch and ay agent version released post February, 2023 cannot be installed on the endpoint. The output comes in both report format and detailed format and you can check the list of endpoints out of the same to ensure they have ACS to allow installation for the mentioned CE version.
Also in your case as we have seen in previous discussions, if ACS installation is a challenge, though it is not recommended, however, as a last mile resort, you can revert to the option to install 7.5CE. True that you will lose functionalities and new capabilities included with 7.9 or 7.9CE(let alone 8.1.x which is the latest), you can get EoL till March, 2024 as a reference Window. However, you cannot downgrade to 7.5CE and you will have to reinstall the agents with the CE version till the time patching is not fixed.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
