Uninstall the Cortex XDR Agent for Mac - 7.9 - 7.8 - Cortex XDR - Cortex XDR Agent - Cortex - Security Operations

Cortex XDR Agent Administrator Guide

Product
Cortex XDR
Cortex XDR Agent
Version
7.7
Creation date
2022-08-31
Last date published
2023-01-04
End_of_Life
EoL
Category
Administrator Guide

From the Cortex XDR management console, you can uninstall the Cortex XDR agent on an endpoint (see Uninstall the Cortex XDR Agent in the Administrator’s Guide for your Cortex XDR license type). You can also uninstall the agent from the endpoint directly. On Mac endpoints, you can use the uninstaller that comes with the Cortex XDR agent installation package to uninstall the agent software. To uninstall the agent, you must also supply the uninstall password.

After you uninstall the agent, the endpoint is no longer protected by Cortex XDR security policies and the license returns to the pool of available licenses.

Note

  • Starting with macOS 10.15.4, the operating system requests the user approval to remove the Cortex XDR agent from the endpoint and prompts the user on the endpoint to enter the operating system credentials during the uninstall process. After approval and authentication, the Cortex XDR agent continues the uninstall process.

  • Before upgrading a Cortex XDR agent 7.0 or later running on macOS 10.15.4 or later, you must ensure that the System Extensions were approved on the endpoint. Otherwise, if the extensions were not approved, after the upgrade the extensions remain on the endpoint without any option to remove them which could cause the agent to display unexpected behavior. To check whether the extensions were approved, you can either verify that the endpoint is in Fully Protected state in Cortex XDR, or execute the following command line on the endpoint to list the extensions: systemextensionsctl list. If you need to approve the extensions, follow the workflow explained in the Cortex XDR agent administration guide for approving System Extensions, either manually or using an MDM profile.

  1. Run the Cortex XDR agent uninstaller.

    The uninstaller is part of the installation package that you downloaded from the Cortex XDR management console to install the agent (EndpointsEndpoint ManagementAgent Installations).

  2. When prompted, enter the Cortex XDR agent uninstall password and click OK.

    The global uninstall password is defined in the gear.png > Agent Configuration of the Cortex XDR management console.

  3. When prompted, enter the macOS credentials for a user that has permissions to uninstall apps and click OK.

    The uninstaller completes the uninstall process and removes the Cortex XDR agent and related files.