About creddy

Hello @Shahwaz_Md, There could be various reasons for the endpoint not showing in the console.  But primarily if the agent does not have network access to all required resources, it may fail to communicate to the Cortex XDR cloud server and does not show up on the console.   Check if the agent machine able to reach all cloud URLs. To know the list of cloud resources to allow from the agent side, refer below article. Resources Required to Enable Access • Cortex XDR Pro Administrator Guide • Reader • Palo Alto Networks documentation portal   Thank you! ... View more

Hi @Shashanksinha  The first and foremost requirement for agent is content updates which can be downloaded from XDR cloud resources. Please check with the network administration team to allow the URLs required to be whitelisted to enable access to Cortex XDR resources as listed here to download content. If the above access in already place, look at the corresponding Content Version column field of the endpoint in Endpoints section under Cortex XDR console. It should be an empty field. This happens when an EOL (End-of-Life) agent is installed on the endpoint. An EOL agent will not receive any content updates. Get those endpoints upgraded to the latest version of Cortex XDR agent via Action Center or other methods as is used in your organization. I hope that answers your query. If these answers are helpful, mark this post as answer. Thank you! ... View more

Hi @MithunKT  To resolve the issue you are facing follow below suggestions. 1.Make sure network access between agent and BVM is in place. Check connection from the agent to the broker VM using telnet. For example: Open command prompt on the workstation computer >> telnet <Broker IP> PORT 2.Make sure you have applied correct agent settings policy with download source as broker VM enabled to the endpoints where the proxy is failing. As per step 14 in below link https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/customizable-agent-settings/add-agent-settings-profile 3.Set or query cloud-defined proxies for the agent to force the agent to connect XDR server through proxy. Usage: cytool proxy query—Display the current status of cloud-defined proxy settings. cytool proxy set <list>—Set cloud-defined proxy settings to the proxies defined in <list>. For example: cytool proxy set "192.168.50.1:8080,192.168.60.2:808" cytool proxy set “”—Disable cloud-defined proxy. For Linux OS, example is below /opt/traps/bin/cytool proxy set <IP>:8888 4.Initiate manual check-in on the endpoint to force the agent to connect server and get all the policies assigned. Usage: cytool checkin To verify the checkin, view the check-in time on the agent console or using cytool last_checkin command. 5.Try reconnecting to the server if communication has been disabled, or force registration with a new distribution_id. Usage: cytool reconnect — Reconnects the Cortex XDR agent to the management application on the server. cytool reconnect force <Distribution_ID> — Reconnects the Cortex XDR agent to the management application on the server, with new distribution ID of installation package. With the above steps, the agent should ideally be communicating XDR servers via the BrokerVM. If the above info helpful, please mark this as solution. Thank you! ... View more

Hi @Aiman_Fathima , This feature is supported for agent versions with 7.8 and above only. Please upgrade your agent to the 7.8 version and verify to get benefit of this feature. Refer retrieve-support-file-password  for more details. I hope that answers your query. If this reply found helpful, please mark it as solution. Thank you! ... View more

Hi @JonathanYang_RX , When there is any newer release by product team, the earlier release agent version shown as outdated. The new Agent Installer (7.8.0.64267) for Windows as an example, replaces the previous installer version (7.8.0.64264). The build number has been updated. This is a completely new agent installer that you will be using moving forward to upgrade your agents. The old installer (7.8.0.64264) is now marked as outdated if you already have the installer file created in XDR Web Console. You also cannot download the outdated installer file anymore from the Web Console. However if you have already downloaded the old version and still using it to install on your computers, the Cortex XDR Agent will continue to be installed and will continue to register successfully with the XDR Server. The new version (7.8.0.64267) replaces the old version. Any new agent installation, please make use of the new installer file. For the computers that are still running the old 7.8 build, you will still need to perform an agent upgrade to get them to the newest version (7.8.0.64267) in this example. I hope this helps answer your questions. Please mark this post as solution if you found it helpful. ... View more