>
    GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. Addressed Issues
    4. GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues
    Download PDF
    GlobalProtect

    GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues

    Table of Contents

    GlobalProtect App 6.2.8-h2 (6.2.8-c243) Windows and macOS Addressed Issues

    GlobalProtect App 6.2.8-h2 (6.2.8-c243) Addressed Issues
    The following table lists the addressed issues in GlobalProtect app 6.2.8-h2 (6.2.8-c243) Windows and macOS.
    Issue ID
    Description
    GPC-23294
    Fixed an issue where GlobalProtect app intermittently disconnected on macOS endpoints even with a stable network connection. This was due to a timeout that was too short for the route system command.
    GPC-23270
    Fixed an issue where GlobalProtect app version 6.3.3 using SAML with the embedded browser would lose cursor focus in the password field, requiring users to click in the password field before entering their password.
    GPC-23191
    Fixed an issue where GlobalProtect took almost 2 minutes to reconnect to an already connected gateway after a host reboot.
    GPC-23115
    Fixed an issue where the hardware token authentication option was intermittently unavailable while using the embedded GlobalProtect browser on Windows machines.
    GPC-23044
    Fixed an issue where, when a machine was in Modern standby, the GlobalProtect app repeatedly attempted to connect to gateways, even when authentication failed due to SAML timeout. This resulted in GlobalProtect connecting to non-optimal gateway
    GPC-22763
    Fixed an issue where GlobalProtect prompted for credentials instead of using authoverride cookie when authenticating to the best available gateway.
    GPC-22522
    Fixed an issue where, after upgrading from GlobalProtect app version 6.1.2 to 6.2.6, external users on Windows 11 computers with multiple Azure Entra accounts were unable to authenticate to the portal using SAML with Azure Entra as the Identity Provider (IdP). The new WebView2 embedded browser automatically used the user's default Windows credential for Single Sign-On (SSO), preventing them from selecting the correct account for authentication.To resolve this issue a new registry key 'entra-sso' has been introduced. You can add the registry key using two methods and set it to no to disable SSO.
    • For pre-deployment, use msiexec.exe /i globalprotect64.msi ENTRASSO="no"
    • Add key entra-sso and set it to nounder HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings.
    If the entra-sso key does not exist under the above path, the GlobalProtect app's default behavior is to Allow Entra SSO.
    GPC-22066
    Fixed an issue where the HIP check detected an incorrect real-time protection status for Windows Defender ATP and CrowdStrike Falcon anti-malware software, which could incorrectly mark non-compliant devices as compliant.
    GPC-22029
    Fixed an issue where Apple software downloads took longer to complete when using GlobalProtect with split tunneling enabled.

    © 2025 Palo Alto Networks, Inc. All rights reserved.