Disable the Prisma Access Agent

If necessary, you can temporarily disable the Prisma Access Agent if your administrator configured this capability in the agent.
Where Can I Use This?
  • Prisma Access Agent
What Do I Need?
  • Minimum Prisma Access Agent version: 25.1.14
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Internet access
If your administrator enabled it, you can temporarily disable the Prisma Access Agent. This is helpful on devices where other secure access apps, such as the GlobalProtect™ app, coexist with the Prisma Access Agent. In this case, you will have to disable the Prisma Access Agent before you can switch to the other app.
After you disable the Prisma Access Agent, the agent is in the disabled state, where:
  • All traffic to Prisma Access locations is disabled, and multi-factor authentication (MFA) is disabled.
  • Communication with the server persists so the agent can continue to receive upgrades and remote shell requests from the administrator, and to perform HIP checks.
  • If configured by the administrator, the anti-tamper feature will continue to function to protect the agent from unauthorized tampering.
  • On macOS devices, the system and network extensions for Prisma Access Agent will continue to be active, and the content filter will also continue to be active.
  • Connecting to another server reenables the Prisma Access Agent automatically.
To disable the Prisma Access Agent:

Disable the Prisma Access Agent (Using the App)

Learn how to disable the Prisma Access Agent using the app.
To disable the Prisma Access Agent using the Prisma Access Agent app, complete the following steps.
Disabling the agent using a one-time password requires Prisma Access Agent version 25.3.0.43 or later.
  1. Open the Prisma Access Agent app by clicking the Prisma Access Agent icon in your taskbar.
    If you're disabling the agent for the first time or if you don't see the Disable link in the settings page, sign out of the Prisma Access Agent.
    1. Select the hamburger menu and select Sign Out.
    2. Log in to the Prisma Access Agent app again to make the Disable link appear in the settings window.
  2. Click the hamburger menu to open the settings window.
  3. Disable the Prisma Access Agent.
  4. (Prisma Access Agent version 25.3.0.43) If your administrator requires a one-time password (OTP) to disable the agent, enter the password and click Yes on Windows or OK on macOS. If you don't have the password, contact your administrator for the password.
    The password is a unique, single-use password. Once you use it to disable the agent, you can’t use it again. The next time you disable the agent, you will need to request another one-time password from your administrator. If you forget the password, ask your administrator to share it with you again.
  5. Close the settings window by clicking the X.
    The Prisma Access Agent is disabled.
  6. To reenable the Prisma Access Agent:
    1. Open the Prisma Access Agent.
    2. Select the hamburger menu and Enable the Prisma Access Agent.
      The Prisma Access Agent functionality will resume.

Disable the Prisma Access Agent (Using PACli)

Learn how to disable the Prisma Access Agent using the Prisma Access Agent command-line tool (PACli).
You can disable the Prisma Access Agent using the Prisma Access Agent command-line tool (PACli).
  1. Enter the following command:
    • (macOS)
      /Applications/Prisma\ Access\ Agent.app/Contents/Helpers/pacli disable
    • (Windows)
      "C:\Program Files\Palo Alto Networks\Prisma Access Agent\pacli" disable
  2. (Prisma Access Agent version 25.3.0.43) If your administrator requires a one-time password (OTP) to disable the agent, Enter One Time Password when prompted. If you don't have the password, contact your administrator for the password.
    If the agent is successfully disabled, the Agent is disabled message is displayed.
  3. To verify that the agent is disabled, run the following command:
    pacli status
    In the command output, the State should be Disabled.
  4. To reenable the agent, run the following command:
    pacli enable
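
Because a disabled agent carries no traffic to Prisma Access locations, an administrator may want to confirm that endpoints are not left in that state. The script below is an added example, not part of the original documentation or any Palo Alto Networks code; it wraps the `pacli status` check from step 3. It assumes the output contains a line of the form `State: <value>`; the function names, the `PACLI` variable and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag an endpoint whose Prisma Access Agent was left disabled.
# Assumption: `pacli status` prints a line of the form "State: <value>".
# The page only says the output has a State that reads Disabled; the exact
# layout is not shown there, so the parser accepts ":" or "=" as separator.

# macOS path from the page; override PACLI for other install locations.
PACLI="${PACLI:-/Applications/Prisma Access Agent.app/Contents/Helpers/pacli}"

# Read status text on stdin and print the value of the first State line.
parse_state() {
    tr -d '\r' |
        sed -n 's/^[[:space:]]*[Ss]tate[[:space:]]*[:=][[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Map status text on stdin to a verdict: 0 = not disabled, 1 = disabled,
# 2 = no State line found (a failed check, never reported as healthy).
classify_status() {
    state=$(parse_state)
    case "$state" in
        "") echo "UNKNOWN"; return 2 ;;
        [Dd][Ii][Ss][Aa][Bb][Ll][Ee][Dd]) echo "DISABLED"; return 1 ;;
        *) echo "OK ($state)"; return 0 ;;
    esac
}

# Run the real tool and classify its output.
check_agent() {
    [ -x "$PACLI" ] || { echo "UNKNOWN (pacli not found)"; return 2; }
    "$PACLI" status 2>/dev/null | classify_status
}

# Constructed sample outputs (not captured from a real agent).
SAMPLE_DISABLED='Agent status (constructed sample)
State: Disabled'
SAMPLE_CONNECTED='Agent status (constructed sample)
State: Connected'

# Run the live check only when asked: sh check_agent.sh --live
if [ "${1:-}" = "--live" ]; then
    check_agent
    exit $?
fi
```

The exit code (0, 1 or 2) lets a scheduled compliance job alert when an agent stays disabled or when the check itself cannot read a State.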