GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues
Focus
Focus
GlobalProtect

GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues

Table of Contents

GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues

GlobalProtect App 6.2.8-h2 (6.2.8-c243) Addressed Issues
The following table lists the addressed issues in GlobalProtect app 6.2.8-h2 (6.2.8-c243) Windows and macOS.
Issue ID
Description
GPC-23294
Fixed an issue where GlobalProtect app intermittently disconnected on macOS endpoints even with a stable network connection. This was due to a timeout that was too short for the route system command.
GPC-23270
Fixed an issue where GlobalProtect app version 6.3.3 using SAML with the embedded browser would lose cursor focus in the password field, requiring users to click in the password field before entering their password.
GPC-23191
Fixed an issue where GlobalProtect took almost 2 minutes to reconnect to an already connected gateway after a host reboot.
GPC-23115
Fixed an issue where the hardware token authentication option was intermittently unavailable while using the embedded GlobalProtect browser on Windows machines.
GPC-23044
Fixed an issue where, when a machine was in Modern standby, the GlobalProtect app repeatedly attempted to connect to gateways, even when authentication failed due to SAML timeout. This resulted in GlobalProtect connecting to non-optimal gateway
GPC-22763
Fixed an issue where GlobalProtect prompted for credentials instead of using authoverride cookie when authenticating to the best available gateway.
GPC-22522
Fixed an issue where, after upgrading from GlobalProtect app version 6.1.2 to 6.2.6, external users on Windows 11 computers with multiple Azure Entra accounts were unable to authenticate to the portal using SAML with Azure Entra as the Identity Provider (IdP). The new WebView2 embedded browser automatically used the user's default Windows credential for Single Sign-On (SSO), preventing them from selecting the correct account for authentication.To resolve this issue a new registry key 'entra-sso' has been introduced. You can add the registry key using two methods and set it to no to disable SSO.
  • For pre-deployment, use msiexec.exe /i globalprotect64.msi ENTRASSO="no"
  • Add key entra-sso and set it to nounder HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings.
If the entra-sso key does not exist under the above path, the GlobalProtect app's default behavior is to Allow Entra SSO.
GPC-22066
Fixed an issue where the HIP check detected an incorrect real-time protection status for Windows Defender ATP and CrowdStrike Falcon anti-malware software, which could incorrectly mark non-compliant devices as compliant.
GPC-22029
Fixed an issue where Apple software downloads took longer to complete when using GlobalProtect with split tunneling enabled.