End-of-Life (EoL)
Install the
Cortex XDR Agent for Windows
Learn about the Cortex XDR agent installation options
and use the provided workflows to install the Cortex XDR agent 7.1
on Windows endpoints.
Standard Cortex XDR agent installation is
intended for standard physical endpoints or persistent virtual endpoints. Install the Cortex XDR Agent Using the MSI or
from the command-line using Msiexec
Install Cortex XDR Agent 7.1 Using the MSI
Use the following workflow to install the
Cortex XDR agent using the MSI file.
- Before installing the Cortex XDR agent 7.1 on a Windows endpoint, verify that the system meets the requirements described in the Cortex XDR Agent for Windows Requirements.
- Download the Cortex XDR agent installer for Windows from Cortex XDR.Ensure that you download the Windows installer for the Windows architecture (x64 or x86) installed on the endpoint.
- Run the MSI file on the endpoint.The installer displays a welcome dialog.
- ClickNext.
- Installthe agent.The installer displays a User Account Control dialog.
- ClickYes.
- After you complete the installation, verify the Cortex XDR agent can establish a connection.If the Cortex XDR agent does not connect to Cortex XDR, verify your internet connection and perform a check-in on the endpoint. If the agent still does not connect, verify the installation package has not been removed from the Cortex XDR management console.
Install the Cortex XDR Agent 7.1 Using Msiexec
Msiexec provides full control over the installation
process and allows you to install, modify, and perform operations
on a Windows Installer from the command line interface (CLI). You
can also use Msiexec to log any issues encountered during installation.
You
can also use Msiexec in conjunction with a System Center Configuration
Manager (SCCM), Altiris, Group Policy Object (GPO), or other MSI
deployment software to install Cortex XDR on multiple endpoints
for the first time.
When you install the Cortex XDR agent
with Msiexec, you must install the Cortex XDR agent per-machine
and not per-user.
Although Msiexec supports additional options,
the Cortex XDR agent installers support only the options listed
here. For example, with Msiexec, the option to install the software
in a non-standard directory is not supported—you must use the default
path.
- /i<installpath>\<installerfilename>.msi—Install a package. For example,msiexec /i c:\install\cortexxdr.msi.
- /qn—Displays no user interface (quiet installation).
- /L*v <logpath>\<logfilename>.txt—Log verbose output to a file. For example,/l*v c:\logs\install.txt.
- VDI_ENABLED=1—Use to install the Cortex XDR agent on the golden image for a non-persistent VDI. This option identifies the session as a VDI in Cortex XDR and applies license and endpoint management policy specific for non-persistent VDI. To set up the Cortex XDR agent on a golden image for non-persistent VDI, see Configure the Cortex XDR Agent in a Non-Persistent VDI.
- TS_ENABLED=1—Use to install the Cortex XDR agent on the golden image for a temporary session. This option identifies the session as a temporary session in Cortex XDR and to apply license and endpoint management policy specific for temporary sessions. To set up the Cortex XDR agent on a golden image for temporary sessions, see Configure the Cortex XDR Agent for Temporary Sessions.
- proxy_list—Use to install Cortex XDR agents that communicate with Cortex XDR through an application-specific proxy for Cortex XDR. This option is relevant in environments where Cortex XDR agents communicate with Cortex XDR through a proxy, enabling Cortex XDR admins to control and manage the agent proxy configuration settings without affecting the communication of other applications on the endpoint. To set up a Cortex XDR specific proxy, see Configure Cortex XDR Specific Proxy.You can also set up a system-wide proxy for all communication on the endpoint.
- RESTRICT_RESPONSE_ACTIONS=1—Use to permanently disable the option for Cortex XDR to perform all, or a combination, of the following actions on endpoints running a Cortex XDR agent: initiate a Live Terminal remote session on the endpoint, execute Python scripts on the endpoint, and retrieve files from the endpoint to Cortex XDR. Disabling any of these actions is an irreversible action, so if you later want to enable the action on the endpoint, you must uninstall the Cortex XDR agent and install a new package without this flag. To disable a specific action, use the corresponding flag:
- RESTRICT_LIVE_TERMINAL=1—Use to disable Live Terminal.
- RESTRICT_SCRIPT_EXECUTION=1—Use to disable script execution.
- RESTRICT_FILE_RETRIEVAL=1—Use to disable files retrieval.
To disable more than one option, use any combination of these flags.
To install Cortex
XDR using Msiexec:
- Before installing the Cortex XDR agent 7.1 on a Windows endpoint, verify that the system meets the requirements described in Cortex XDR Agent for Windows Requirements.
- Use one of the following methods to open a command prompt as an administrator.
- Select. Right-clickStartAll ProgramsAccessoriesCommand promptandRun as administrator.
- SelectStart. In theStart Searchbox, typecmd. Then, to open the command prompt as an administrator, pressCTRL+SHIFT+ENTER.
- Run themsiexeccommand followed by one or more supported options and properties.For example:msiexec /i c:\install\cortexxdr.msi /l*v C:\temp\cortexxdrinstall.log /qn
- After you complete the installation, verify the Cortex XDR agent can establish a connection.If the Cortex XDR agent does not connect to Cortex XDR, verify your internet connection and perform a check-in on the endpoint. If the agent still does not connect, verify the installation package has not been removed from the Cortex XDR management console.
Configure Cortex XDR Specific Proxy
In environments where Cortex XDR agents communicate
with Cortex XDR through a proxy, you can define a system-wide proxy that
affects all communication on the endpoint, or a Cortex XDR specific
proxy that you can set, manage, and disable in Cortex XDR. This
topic describes how to install a Cortex XDR agent on the endpoint
and assign it a Cortex XDR specific proxy.
- Install a Cortex XDR Agent Using Msiexec and include theproxy_listargument.The argument format isproxy_list=”<proxy>:<port>”
- To install a Cortex XDR agent with a Cortex XDR specific proxy, enter your proxy IP address and port number. You can assign up to five different IP addresses per agent, and the proxy for communication is selected randomly with equal probability.For example:msiexec /i c:\install\cortexxdr.msi proxy_list=”10.196.20.244:8080,10.196.20.245:8080”
- To install a Cortex XDR agent communicating through the Palo Alto Networks Broker Service, you must enter the Broker VM IP address and port number 8888 only.
- After the initial installation, you can change the proxy settings if necessary from theEndpointspage of Cortex XDR.
Recommended For You
Recommended Videos
Recommended videos not found.