Monitor Agent Operational Status

From the Cortex XDR management console, you have full visibility into the Cortex XDR agent operational status on the endpoint, which indicates whether the agent is providing protection according to its predefined security policies and profiles. By observing the operational status on the endpoint, you can identify when the agent may suffer from a technical issue or misconfiguration that interferes with the agent’s protection capabilities or interaction with Cortex XDR and other applications. The Cortex XDR agent reports the operational status as follows:
  • Protected—Indicates that the Cortex XDR agent is running as configured and did not report any exceptions to Cortex XDR.
  • Partially protected—Indicates that the Cortex XDR agent reported one or more exceptions to Cortex XDR.
  • Unprotected—(Linux only) Indicates the Cortex XDR agent was shut down.
You can monitor the agent Operational Status in Endpoints > Endpoint Management > Endpoint Administration. If the Operational Status field is missing, add it.
The operational status that the agent reports varies according to the exceptions reported by the Cortex XDR agent.
Status: Protected
Description: (Windows, Mac, and Linux) Indicates all protection modules are running as configured on the endpoint.

Status: Partially protected
Description:
  Windows
    • XDR data collection is not running, or not set
    • Behavioral threat protection is not running
    • Malware protection is not running
    • Exploit protection is not running
  Mac
    • Operating system adaptive mode*
    • XDR Data Collection is not running, or not set
    • Behavioral threat protection is not running
    • Malware protection is not running
    • Exploit protection is not running
  Linux
    • Kernel module not loaded**
    • Kernel module compatible but not loaded**
    • Kernel version not compatible**
    • XDR Data Collection is not running, or not set
    • Behavioral threat protection is not running
    • Anti-malware flow is asynchronous
    • Malware protection is not running
    • Exploit protection is not running

Status: Unprotected
Description:
  Windows, Mac, and Linux:
    • Behavioral threat protection and Malware protection are not running
    • Exploit protection and malware protection are not running

Status can have the following implications on the endpoint:
  • *(Status)—The exploit protection module is not running.
  • **(Status)—
    • XDR data collection is not running
    • Behavioral threat protection is not running
    • Anti-malware flow is asynchronous
    • Malware protection is not running
    • Exploit protection is not running
