Fixed an issue where the Prisma Access Agent on macOS and Windows would fail to properly clean up tunnel interface routing table entries when executing the pacli epm signout command after a gateway shutdown had left the agent in a Disconnected state. This problem occurred when agents that were previously connected to a tenant became disconnected due to gateway shutdowns, and users subsequently attempted to sign out using the pacli command.

Fixed an issue where the Prisma Access Agent Manager would incorrectly handle ICMP traffic configuration after upgrading to the latest version. When the Block Non-TCP and Non-UDP based traffic when connected to tunnel option was disabled by default following an upgrade, the pacli traffic show command would inaccurately display Allow non-tunnel outbound ICMP when connected to tunnel as true, while the underlying Allow ICMP for troubleshooting value was incorrectly being passed as false instead of the expected true value.

The agent now properly synchronizes the ICMP traffic configuration values to ensure consistent behavior between the configuration display and actual traffic routing.

Fixed an issue where the Prisma Access Agent on Windows would incorrectly report "error: 513 - PASrv is unreachable, please confirm it's running" when executing the pacli epm status command during reinstallation scenarios.

Fixed an issue where the Prisma Access Agent would automatically disconnect and remain disconnected without attempting to reconnect, leaving users without network protection. The problem occurred when the agent lost its connection to the endpoint management server and failed to re-establish the connection automatically as expected.

This occurred due to a DNS resolution timing conflict in certain network environments where the primary DNS server was unresponsive while the secondary DNS server was functioning properly. The fix adjusts the DNS resolution process to ensure proper failover occurs when the primary DNS server is unavailable, allowing the agent to maintain connectivity and automatically reconnect when network issues are resolved.

Fixed an issue where the Prisma Access Agent would become stuck in a "Connecting" state after a network switch when attempting to connect to an internal gateway. This problem occurred when users experienced a network change that caused them to be logged out from the tunnel, and while the Prisma Access Agent endpoint manager web-socket would successfully reconnect, the Prisma Access Agent app would remain stuck displaying "Connecting" indefinitely.

Fixed an issue where the Spyder application would display "Permission denied" errors and fail to work properly when Prisma Access Agent was installed on the same computer. Users found that Spyder would only function normally after completely removing the Prisma Access Agent from their system, creating a conflict between the two programs. The fix ensures that the Prisma Access Agent no longer interferes with Spyder, allowing both programs to run simultaneously without conflicts while maintaining the agent's security protection for other applications on the system.

Fixed an issue where users encountered "Server Enrollment failure" errors after installing Prisma Access Agent version 25.4.0.29, preventing them from successfully connecting to their organization's network. The problem occurred during the initial setup process when the agent attempted to register with the endpoint management server but failed with messages indicating an invalid enrollment secret. This occurred due to a compatibility issue between the agent's security enrollment method and certain Windows system security components. When the agent tried to use the primary secure enrollment process, some Windows systems would reject the connection due to unsupported security protocols, causing the entire enrollment to fail.

Fixed an issue where the Prisma Access Agent would freeze and become stuck in a non-responding state. The problem occurred when the application attempted to update multiple settings at the same time from different parts of the program, causing conflicts that would lock up the entire application. This resulted in users being unable to interact with Prisma Access Agent, as the interface would stop responding and the agent would appear to hang indefinitely. The fix ensures that all setting updates are now processed in a controlled, sequential manner to prevent these conflicts and maintain application responsiveness.

Fixed an issue where the Prisma Access Agent on macOS 15.6.1 failed to connect to external gateways when selecting Best Location and incorrectly switched to internal connectivity. This issue manifested in two specific scenarios:

This occurred due to the improper cleanup of the on-premises tunnel routes during the Best Location selection process, which caused the system to incorrectly determine that it was on an internal network and activate the Internal Host Detection functionality. This resulted in users being unable to establish proper external gateway connections through Prisma Access Agent on the updated macOS version, forcing the agent into internal mode when external connectivity was required and available.

Fixed an issue where the Prisma Access Agent would incorrectly remain bound to port 0 when switching between Prisma Access Agent endpoint manager configurations with different proxy settings, causing endpoint traffic to Explicit Proxy (EP) to fail. This problem occurred when the agent initially connected to an endpoint manager without agent proxy configured, then switched to a different endpoint manager that had a proxy port configured, but failed to update its port binding from port 0 to the new proxy port. The agent now correctly updates its port binding when switching between endpoint manager configurations with different proxy settings, eliminating traffic routing disruptions.

Fixed an issue where the Prisma Access Agent on Windows blocked authentication in the embedded browser due to the Best Available - Fail Safe mechanism in the forwarding profile triggering during the initial connection attempt. The embedded browser now properly bypasses the fail-safe mechanism when the agent is configured to run in on-demand mode, enabling successful authentication on the first attempt without requiring users to cancel and retry the authentication process after a reboot.