All,
I've followed the following guide to update our client to Cortex XDR from Traps 6.1.
https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-1/cortex-xdr-agent-admin/cortex-xdr-agent-for-mac/install-the-cortex-xdr-agent-for-mac-using-jamf.html
I'm still getting the following message on some machines though. Has anybody seen this, and to why it's not accepting the Kernel extension Team ID provided by Palo Alto.
I'm thinking of reaching out to them to see if Cortex uses a different Team ID?
Thank you!
For anyone who it may help, I tried this with perfect results: Went to Smart Groups, and set
Profile Name > has > Cortex XDR Agent Unified Configuration Profile
Then I scope my Cortex installation policy to that Smart Group. This forces the Cortex XDR app not to install until the profile is installed first.
Has worked perfectly for me so far!
P.S I also experimented and found that if I uploaded the signed profiles that are provided in the PaloAlto document @davidhiggs referenced above, I can actually install the Cortex XDR agent first, and then install the profiles after, and it still appears to work perfectly! I am at first prompted to "install a system extension", but that prompt goes away as soon as the profiles install and the system is rebooted. The agent reports as expected to Cortex endpoint management administration. This was on an M1 test device running 11.6.
Jeanette
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.