Upgrade
Cortex
XDR
Agents

You can upgrade the Cortex XDR agent software by using the appropriate method for the endpoint operating system.
After you install the
Cortex
XDR
agent and the agent registers with
Cortex
XDR
, you can upgrade the
Cortex
XDR
agent software using a method supported by the endpoint platform:
  • Android
    —Upgrade the app directly from the Google Play Store or push the app to your endpoints from an endpoint management system such as AirWatch.
  • Windows, Mac, or Linux
    —Create new installation packages and push the
    Cortex
    XDR
    agent package to up to 5,000 endpoints from
    Cortex
    XDR
    .
    • You cannot upgrade VDI endpoints or a Golden Image.
    • Before upgrading a
      Cortex
      XDR
      agent 7.0 or later running on macOS 10.15.4 or later, you must ensure that the System Extensions were approved on the endpoint. Otherwise, if the extensions were not approved, after the upgrade the extensions remain on the endpoint without any option to remove them which could cause the agent to display unexpected behavior. To check whether the extensions were approved, you can either verify that the endpoint is in Fully Protected state in
      Cortex
      XDR
      , or execute the following command line on the endpoint to list the extensions:
      systemextensionsctl list
      . If you need to approve the extensions, follow the workflow explained in the
      Cortex
      XDR
      agent administration guide for approving System Extensions, either manually or using an MDM profile.
Upgrades are supported using actions which you can initiate from the
Action Center
or from
All Endpoints
as described in this workflow.
  1. Create an Agent Installation Package for each operating system version for which you want to upgrade the
    Cortex
    XDR
    agent.
    Note the installation package names.
  2. Select
    Endpoints
    All Endpoints
    .
    If needed, filter the list of endpoints. To reduce the number of results, use the endpoint name search and filters
    Filters
    at the top of the page.
  3. Select the endpoints you want to upgrade.
    You can also select endpoints running different operating systems to upgrade the agents at the same time.
  4. Right-click your selection and select
    Endpoint Control
    Upgrade Agent Version
    .
    For each platform, select the name of the installation package you want to push to the selected endpoints.
    Starting in the
    Cortex
    XDR
    agent 7.1 release, you can install the
    Cortex
    XDR
    agent on Linux endpoints using package manager. When you upgrade an agent on a Linux endpoint that is not using package manager,
    Cortex
    XDR
    upgrades the installation process by default according to the endpoint Linux distribution. Alternatively, if you do not want to use the package manage, clear the option
    Upgrade to installation by package manager
    .
    The
    Cortex
    XDR
    agent keeps the name of the original installation package after every upgrade.
  5. Upgrade
    .
    Cortex
    XDR
    distributes the installation package to the selected endpoints at the next heartbeat communication with the agent. To monitor the status of the upgrades, go to
    Response
    Action Center
    . From the
    Action Center
    you can also view additional information about the upgrade (right-click the action and select
    Additional data
    ) or cancel the upgrade (right-click the action and select
    Cancel Agent Upgrade
    ).
    • During the upgrade process, the endpoint operating system might request for a reboot. However, you do not have to perform the reboot for the
      Cortex
      XDR
      agent upgrade process to complete successfully.
    • After you upgrade to a
      Cortex
      XDR
      agent 7.2 or a later release on an endpoint with
      Cortex
      XDR
      Device Control rules, you need to reboot the endpoint for the rules to take effect.

Recommended For You