Customizable Agent Settings

You can apply predefined settings to your Cortex® XDR™ agent endpoints, depending on the platform used on your endpoints.
Each Agent Settings Profile provides a tailored list of settings that you can configure for the platform that you select.
The following table describes these customizable settings and indicates which platforms support the setting (a dash (—) indicates the setting is not supported).
In addition to the customizable Agent Settings Profiles, you can also:
Agent Profiles
Disk Space
Customize the amount of disk space the Cortex XDR agent uses to store logs and information about events.
User Interface
Determine whether and how end users can access the Cortex XDR console.
Traps Tampering Protection
Prevent users from tampering with the Cortex XDR agent components by restricting access.
Uninstall Password
Change the default uninstall password to prevent unauthorized users from uninstalling the Cortex XDR agent software.
Windows Security Center Configuration
Configure your Windows Security Center preferences to allow registration with the Microsoft Security Center, to allow registration with automated Windows patch installation, or to disable registration.
Change forensic data collection and upload preferences.
XDR Pro Endpoints
Enable the Cortex XDR Pro agent capabilities, including enhanced data collection, advanced responses, and available Pro add-ons.
Requires a Cortex XDR Pro per Endpoint license and allocation of log storage in Cortex Data lake.
Response Actions
Manual response actions that you can take on the endpoint after a malicious file, process, or behavior is detected. For example, you can terminate a malicious process, isolate the infected endpoint from the network, quarantine a malicious file, or perform additional action as necessary to remediate the endpoint.
Content Updates
Configure how the Cortex XDR agent performs content updates on the endpoint: whether to download the content directly from Cortex XDR or from a peer agent, whether to perform immediate or delayed updates, and whether to perform automatic content updates or continue using the current content version.
Agent Auto Upgrade
Enable the agent to perform automatic upgrades whenever a new agent version is released. You can choose to upgrade only to minor versions in the same line, only to major versions, or both.
Upload Using Cellular Data
Enable Android endpoints to send unknown APK files for inspection as soon as a user connects to a cellular network.
Global Agent Configurations
Global Uninstall Password
Set the uninstall password for all agents in the system.
Content Bandwidth Management
Configure the total bandwidth to allocate for content update distribution within your organization.
Agent Auto Upgrade
Configure the Cortex XDR agent auto upgrade scheduler and number of parallel upgrades.
Cortex XDR Endpoint Data Collection
Configure the type of information collected by the Cortex XDR Agent for Vulnerability Assessment and Host insights.
See Hardened Endpoint Security for the list of all operating systems that support these capabilities.
Advanced Analysis
Enable Cortex XDR to automatically upload alert data for secondary verdict verification and security policy tuning.

Recommended For You