Create an Agent Installation Package
Learn how to create a Cortex® XDR™ agent installation package to deploy to your endpoints.
To install the Cortex XDR agent on the endpoint for the first time, you must first create an agent installation package. After you create and download an installation package, you can then install it directly on an endpoint or you can use a software deployment tool of your choice to distribute the software to multiple endpoints.
To install the Cortex XDR agent software, you must use a valid installation package that exists in your Cortex XDR management console. If you delete an installation package, any agents installed from this package are not able to register to Cortex XDR.
After you install the Cortex XDR agent for the first time, you can upgrade individual or batches of agents remotely from the Cortex XDR management console.
To create a new installation package:
- From Cortex XDR, select.EndpointsEndpoint ManagementAgent Installations
- Createa new installation package.
- Enter a uniqueNameand an optionalDescriptionto identify the installation package.The packageNamemust be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.
- Select thePackage Type.
- (Windows, macOS, and Linux only)Upgrade from ESM—Use this package to upgrade Traps agents which connect to the on-premises Traps Endpoint Security Manager to Cortex XDR.For more information, see Migrate from Traps Endpoint Security Manager to Cortex XDR.
- Select thePlatformfor which you want to create the installation package.
- (Windows, macOS, and Linux only) Select theAgent Versionfor the package.
- Createthe installation package.Cortex XDR prepares your installation package and makes it available on theAgent Installationspage.
- Download your installation package.When the status of the package showsCompleted, right-click the agent version, and clickDownload.
- For Windows endpoints, select between the architecture type. You can download the installer msi file only, or for Cortex XDR agents 7.4 and later, a distribution package that includes both the installer msi file and the latest content zip. The distribution package is recommended to reduce the network load and time typically required for the initial roll-out or major upgrades of the Cortex XDR agent. To understand the benefits, workflow, and requirements to support this type of deployment, refer to the Cortex XDR agent administrator guide.
- For macOS endpoints, download theZIPinstallation folder and upload it to the endpoint. To deploy the Cortex XDR agent usingJAMF, upload theZIPfolder toJAMF. Alternatively, to install the agent manually on the endpoint, unzip theZIPfolder and double-click thepkgfile.
- For Linux endpoints, you can download.rpmor.debinstallers (according to the endpoint Linux distribution), and deploy the installers on the endpoints using the Linux package manager. Alternatively, you can download aShellinstaller and deploy it manually on the endpoint.When you upgrade a Cortex XDR agent version without package manager, Cortex XDR will upgrade the installation process to package manager by default, according to the endpoint Linux distribution.
- For Android endpoints, Cortex XDR creates a tenant-specific download link which you can distribute to Android endpoints. When a newer agent version is available, Cortex XDR identifies older package versions as[Outdated].
- Next steps:As needed, you can return to theAgent Installationspage to manage your agent installation packages. To manage a specific package, right click the agent version, and select the desired action:
- Editthe package name or description.
- Deletethe installation package. Deleting an installation package does not uninstall the Cortex XDR agent software from any endpoints.Since Cortex XDR relies on the installation package ID to approve agent registration during install, it is not recommended to delete the installation package of active endpoints. If you install the Cortex XDR agent from a package after you delete it, Cortex XDR denies the registration request leaving the agent in an unprotected state. Hiding the installation package will remove it from the default list of available installation packages, and can be useful to eliminate confusion within the management console main view. These hidden installation can be viewed by removing the default filter.
- Copy text to clipboardto copy the text from a specific field in the row of an installation package.
- Hideinstallation packages. Using the Hide option provides a quick method to filter out results based on a specific value in the table. You can also use the filters at the top of the page to build a filter from scratch. To create a persistent filter, save ( ) it.
Recommended For You
Recommended videos not found.