Access a remote endpoint through the Live Terminal.
To investigate and respond to alerts,
you can use the
to initiate a remote
connection to an endpoint. Cortex XDR establishes a connection on
Windows endpoints using either the Traps agent or a Pathfinder VM
using an RCP connection.
The endpoint must be monitored by Pathfinder or
Traps and run Windows 7 SP1 or higher to establish a live terminal
session. Pathfinder installs an agent on the endpoint that deletes
itself after the remote session closes. If the endpoint is monitored
by both Pathfinder and Traps, the Cortex XDR app uses the Traps
Live Terminal to establish a remote connection (and does not use
All actions taken from the Live Terminal are logged, and can
be download the session report as a text file when closing the live