Install the Cortex XDR Agent for Windows

Learn about the Cortex XDR agent installation options and use the provided workflows to install the Cortex XDR agent 7.1 on Windows endpoints.
Standard Cortex XDR agent installation is intended for standard physical endpoints or persistent virtual endpoints. Install the Cortex XDR Agent Using the MSI or from the command-line using Msiexec

Install Cortex XDR Agent 7.1 Using the MSI

Use the following workflow to install the Cortex XDR agent using the MSI file.
  1. Before installing the Cortex XDR agent 7.1 on a Windows endpoint, verify that the system meets the requirements described in the Cortex XDR Agent for Windows Requirements.
  2. Download the Cortex XDR agent installer for Windows from Cortex XDR.
    Ensure that you download the Windows installer for the Windows architecture (x64 or x86) installed on the endpoint.
  3. Run the MSI file on the endpoint.
    The installer displays a welcome dialog.
    windows-xdr-install-welcome.png
  4. Click
    Next
    .
    windows-xdr-install-ready.png
  5. Install
    the agent.
    The installer displays a User Account Control dialog.
    windows-xdr-install-uac.png
  6. Click
    Yes
    .
  7. After you complete the installation, verify the Cortex XDR agent can establish a connection.
    If the Cortex XDR agent does not connect to Cortex XDR, verify your internet connection and perform a check-in on the endpoint. If the agent still does not connect, verify the installation package has not been removed from the Cortex XDR management console.

Install the Cortex XDR Agent 7.1 Using Msiexec

Msiexec provides full control over the installation process and allows you to install, modify, and perform operations on a Windows Installer from the command line interface (CLI). You can also use Msiexec to log any issues encountered during installation.
You can also use Msiexec in conjunction with a System Center Configuration Manager (SCCM), Altiris, Group Policy Object (GPO), or other MSI deployment software to install Cortex XDR on multiple endpoints for the first time.
When you install the Cortex XDR agent with Msiexec, you must install the Cortex XDR agent per-machine and not per-user.
Although Msiexec supports additional options, the Cortex XDR agent installers support only the options listed here. For example, with Msiexec, the option to install the software in a non-standard directory is not supported—you must use the default path.
  • /i<installpath>\<installerfilename>.msi
    —Install a package. For example,
    msiexec /i c:\install\cortexxdr.msi
    .
  • /qn
    —Displays no user interface (quiet installation).
  • /L*v <logpath>\<logfilename>.txt
    —Log verbose output to a file. For example,
    /l*v c:\logs\install.txt
    .
  • VDI_ENABLED=1
    —Use to install the Cortex XDR agent on the golden image for a non-persistent VDI. This option identifies the session as a VDI in Cortex XDR and applies license and endpoint management policy specific for non-persistent VDI. To set up the Cortex XDR agent on a golden image for non-persistent VDI, see Configure the Cortex XDR Agent in a Non-Persistent VDI.
  • TS_ENABLED=1
    —Use to install the Cortex XDR agent on the golden image for a temporary session. This option identifies the session as a temporary session in Cortex XDR and to apply license and endpoint management policy specific for temporary sessions. To set up the Cortex XDR agent on a golden image for temporary sessions, see Configure the Cortex XDR Agent for Temporary Sessions.
  • proxy_list
    —Use to install Cortex XDR agents that communicate with Cortex XDR through an application-specific proxy for Cortex XDR. This option is relevant in environments where Cortex XDR agents communicate with Cortex XDR through a proxy, enabling Cortex XDR admins to control and manage the agent proxy configuration settings without affecting the communication of other applications on the endpoint. To set up a Cortex XDR specific proxy, see Configure Cortex XDR Specific Proxy.
    You can also set up a system-wide proxy for all communication on the endpoint.
  • RESTRICT_RESPONSE_ACTIONS=1
    —Use to permanently disable the option for Cortex XDR to perform all, or a combination, of the following actions on endpoints running a Cortex XDR agent: initiate a Live Terminal remote session on the endpoint, execute Python scripts on the endpoint, and retrieve files from the endpoint to Cortex XDR. Disabling any of these actions is an irreversible action, so if you later want to enable the action on the endpoint, you must uninstall the Cortex XDR agent and install a new package without this flag. To disable a specific action, use the corresponding flag:
    • RESTRICT_LIVE_TERMINAL=1
      —Use to disable Live Terminal.
    • RESTRICT_SCRIPT_EXECUTION=1
      —Use to disable script execution.
    • RESTRICT_FILE_RETRIEVAL=1
      —Use to disable files retrieval.
    To disable more than one option, use any combination of these flags.
To install Cortex XDR using Msiexec:
  1. Before installing the Cortex XDR agent 7.1 on a Windows endpoint, verify that the system meets the requirements described in Cortex XDR Agent for Windows Requirements.
  2. Use one of the following methods to open a command prompt as an administrator.
    • Select
      Start
      All Programs
      Accessories
      . Right-click
      Command prompt
      and
      Run as administrator
      .
    • Select
      Start
      . In the
      Start Search
      box, type
      cmd
      . Then, to open the command prompt as an administrator, press
      CTRL
      +
      SHIFT
      +
      ENTER
      .
  3. Run the
    msiexec
    command followed by one or more supported options and properties.
    For example:
    msiexec /i c:\install\cortexxdr.msi /l*v C:\temp\cortexxdrinstall.log /qn
  4. After you complete the installation, verify the Cortex XDR agent can establish a connection.
    If the Cortex XDR agent does not connect to Cortex XDR, verify your internet connection and perform a check-in on the endpoint. If the agent still does not connect, verify the installation package has not been removed from the Cortex XDR management console.

Configure Cortex XDR Specific Proxy

In environments where Cortex XDR agents communicate with Cortex XDR through a proxy, you can define a system-wide proxy that affects all communication on the endpoint, or a Cortex XDR specific proxy that you can set, manage, and disable in Cortex XDR. This topic describes how to install a Cortex XDR agent on the endpoint and assign it a Cortex XDR specific proxy.
  1. Install a Cortex XDR Agent Using Msiexec and include the
    proxy_list
    argument.
    The argument format is
    proxy_list=”
    <proxy>:<port>
    1. To install a Cortex XDR agent with a Cortex XDR specific proxy, enter your proxy IP address and port number. You can assign up to five different IP addresses per agent, and the proxy for communication is selected randomly with equal probability.
      For example:
      msiexec /i c:\install\cortexxdr.msi proxy_list=”10.196.20.244:8080,10.196.20.245:8080”
    2. To install a Cortex XDR agent communicating through the Palo Alto Networks Broker Service, you must enter the Broker VM IP address and port number 8888 only.
  2. After the initial installation, you can change the proxy settings if necessary from the
    Endpoints
    page of Cortex XDR.

Recommended For You