GlobalProtect
Enhanced HIP Remediation Process
Table of Contents
Enhanced HIP Remediation Process
Enhanced HIP-Improvements
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
You can now configure the GlobalProtect app to rerun the HIP remediation script
whenever the GlobalProtect endpoint fails the process check after running the
configured HIP remediation process.
With this feature enabled, the GlobalProtect app will rerun the HIP
remediation script when the process fails after the set HIP remediation timeout
period to help the endpoint recover from a HIP check failure. The app reruns the
remediation script after a process check failure based on the HIP remediation
process retry count you configure through the app settings of the GlobalProtect
portal.
For example, if you configure the retry count as 3 and the remediation
timeout period as 5 mins in the portal configuration, then every time the endpoint
fails the process check after performing the remediation process, the app runs the
script three times and waits up to 5 mins before it submits the HIP report.
Use the following procedure to configure the HIP remediation process
retry:
- Set up custom process checks.Configure a HIP remediation processHIP remediation process for the GlobalProtect app to run a remediation script whenever a GlobalProtect endpoint fails one or more process checks to help the endpoint recover from a HIP check failure.
- Configure a HIP remediation timeout on the portal.Configure a HIP Process Remediation Retry.
- Select .
- Select the portal configuration to which you are adding the agent configuration, and then select the Agent tab.
- Select the agent configuration that you want to modify, or Add a new one.
- Select the App tab.
- To enable the HIP process remediation retry feature, set a
HIP Process Remediation Retry count.
By default, this field is set to 0, indicating that the feature is disabled. Enter a value from 1-3 to indicate the number of times you want to run the HIP remediation process in case of process check failures.
![]()
This feature will be disabled after you upgrade or downgrade the GlobalProtect app versions. - In the HIP Process Remediation Integrity Check field, specify the checksum that you generated for the HIP remediation process.
- Click OK twice to save your app and portal configurations.
- Commit the changes.
Deploy the remediation script to your endpoints using mobile device management (MDM).As a best practice, use standard formats for the scripts you deploy (for example, deploy shell scripts on macOS endpoints and batch scripts on Windows endpoints). The name of the script is case sensitive and you must use the predefined name and location as follows:- Windows:Location: \Program Files\Palo Alto Networks\GlobalProtect\Naming convention: hip-remediation-script.bat
- macOS:Location: /Applications/GlobalProtect.app/Contents/Resources/Naming convention: hip-remediation-script.sh
(Optional) Customize how the script runs on the endpoint by setting a checksum and/or a custom error message and defining the context in which the script will run.Connect the GlobalProtect app and the hip remediation script runs automatically whenever the GlobalProtect endpoint fails the process check. If the process check fails even after running the remediation script, the app reruns the remediation script based on the configured retry count. After the retries, the app submits the HIP check report irrespective of whether the process check is successful or not.View the GlobalProtect logs to view the hip_remediation_script log and verify whether the HIP remediation process is successful or not.The remediation log name and locations for- Windows: %AppData%\Local\Palo Alto Networks\GlobalProtect\hip_remediation_scripts.log
- macOS: ~/Library/Logs/PaloAltoNetworks/GlobalProtect/hip_remediation_scripts.log
The hip_remediation_scripts.log will be a part of the GlobalProtect logs bundle and will be collected when users initiate log collection through the GlobalProtect app or when the app sends diagnostic logs to the Strata Logging Service for further analysis.
