Use the Cortex® XDR™ Agent for Mac

Learn how to effectively use the Cortex® XDR™ agent for Mac by the different options described in this topic.
  • Open the Cortex XDR Agent application.
    Use one of the following methods:
    • Browse to the Traps folder in Finder.
    • If you enabled access to the agent console, click the Cortex XDR agent icon in the menu bar, and select
      Open Console
  • View status information about the Cortex XDR agent:
    • Version
      —Displays the agent version.
    • Protection
      —Displays the active policies in bold.
      On Mac endpoints running macOS 10.15.4, the
      Protection Status
      in the agent console indicates the status of both Malware and Exploit modules on the endpoint.
    • Connection
      —Displays the connection status and, if connected, includes the server to which the agent is connected.
    • Last Check-in
      —Displays the local time on the endpoint of the last check-in with the server.
  • Manually connect to the server.
    The agent periodically communicates with the server to send status information and retrieve the latest security policy. The agent performs this operation transparently at regular intervals so it is not typically necessary to connect to the server manually. If your
    status is
    Not Connected
    , you can manually retry your connection. This option is available if you do not want to wait for the automated communication interval to begin.
    To initiate a manual check-in with the server: On the home page of the Cortex XDR agent console, click
    Check In Now
    . If the agent successfully establishes a connection with the server, the
    status changes to indicated the service to which the agent is connected.
  • Collect and view logs.
    • Collect logs
      Generate Support File
      to collect Cortex XDR logs. After the Cortex XDR agent aggregates the logs, you can inspect or send them as needed. The logs can help you analyze any recent security events or Cortex XDR issues that you encounter. For remote endpoints, you can also retrieve logs from the Action Center.
    • View logs—Click
      Open Log File
      to view logs generated by the agent. The logs display in your default text editor in chronological order with the most recent logs at the bottom.
  • View recent security events that occurred on your endpoint.
    For each event, the agent console displays the local
    an event occurred, the name of the
    that exhibited malicious behavior, the
    that triggered the event, and the mode specified for the type of event (Termination or Notification).
  • View protected processes on the Mac endpoint.
    tab of the agent console displays all running processes in which the Cortex XDR agent is injected to prevent malicious execution or behavior. The agent console also indicates the process ID (PID) associated with each process.
  • Configure proxy communication.
    The agent can communicate with Cortex XDR using the system proxy server that you define for the endpoint. For information on How to Enter Proxy Settings, see the documentation for your Mac operating system version. If you prefer to use an application proxy, configure a Cortex XDR agent specific proxy.
  • Persistent notification from agent that your machine can’t access the network. Only when the issue is resolved, the notification does not appear.

Recommended For You