>
    Strata Copilot
    Disable the Prisma Access Agent
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Agent
    3. Prisma Access Agent User Guide
    4. Prisma Access Agent for Desktop Devices
    5. Disable the Prisma Access Agent
    Download PDF
    Prisma Access Agent

    Disable the Prisma Access Agent

    Table of Contents

    Disable the Prisma Access Agent

    If necessary, you can temporarily disable the Prisma Access Agent if your administrator configured this capability in the agent.
    Where Can I Use This?What Do I Need?
    • Prisma Access Agent
    • Minimum Prisma Access Agent version:
      • 25.1 (macOS and Windows)
      • 25.7 (Linux)
    • macOS, Windows, or Linux desktop devices
    • Check the prerequisites for the supported OS versions
    • Internet access
    If your administrator enabled it, you can temporarily disable the Prisma Access Agent. This is helpful on devices where other secure access apps, such as the GlobalProtect™ app, coexist with the Prisma Access Agent. In this case, you will have to disable the Prisma Access Agent before you can switch to the other app.
    After you disable the Prisma Access Agent, the agent is in the disabled state, where:
    • All traffic to Prisma Access locations are disabled, and multi-factor authentication (MFA) is disabled.
    • Communication with the server persists so the agent can continue to receive upgrades, remote shell requests from the administrator, and perform HIP checks.
    • If configured by the administrator, the anti-tamper feature will continue to function to protect the agent from unauthorized tampering.
    • On macOS devices, the system and network extensions for Prisma Access Agent will continue to be active, and the content filter will also continue to be active.
    • Connecting to another server reenables the Prisma Access Agent automatically.
    To disable the Prisma Access Agent:

    Disable the Prisma Access Agent (Using the App)

    Learn how to disable the Prisma Access Agent using the app.
    To disable the Prisma Access Agent using the Prisma Access Agent app, complete the following steps.
    Disabling the agent using a one-time password requires Prisma Access Agent version 25.3.0.43 or later.
    1. Open the Prisma Access Agent app by clicking the Prisma Access Agent icon
      in your taskbar.
      If you're disabling the agent for the first time or if you don't see the Disable link in the settings page, sign out of the Prisma Access Agent.
      1. Select the hamburger menu and select Sign Out.
      2. Log in to the Prisma Access Agent app again to make the Disable link appear in the settings window.
    2. Click the hamburger menu to open the settings window.
    3. Disable the Prisma Access Agent.
    4. (Prisma Access Agent version 25.3.0.43) (Not supported on Prisma Access Agent Linux) If your administrator requires a one-time password (OTP) to disable the agent, enter the password and click Yes on Windows or OK on macOS. If you don't have the password, contact your administrator for the password.
      For example, on Windows:
      The password is a unique, single-use password. Once you use it to disable the agent, you can’t use it again. The next time you disable the agent, you will need to request another one-time password from your administrator. If you forget the password, ask your administrator to share it with you again.
    5. Close the settings window by clicking the X.
      The Prisma Access Agent is disabled.
    6. To reenable the Prisma Access Agent:
      1. Open the Prisma Access Agent.
      2. Select the hamburger menu and Enable the Prisma Access Agent.
        The Prisma Access Agent functionality will resume.

    Disable the Prisma Access Agent (Using PACli)

    Learn how to disable the Prisma Access Agent using the Prisma Access Agent command-line tool (PACli).
    You can disable the Prisma Access Agent using the Prisma Access Agent command-line tool (PACli).
    1. Enter the following command:
      • (macOS)
        /Applications/Prisma\ Access\ Agent.app/Contents/Helpers/pacli disable
      • (Windows)
        "C:\Program Files\Palo Alto Networks\Prisma Access Agent\pacli" disable
      • (Linux)
        pacli disable
    2. (Prisma Access Agent version 25.3.0.43) (Not supported on Prisma Access Agent Linux) If your administrator requires a one-time password (OTP) to disable the agent, Enter One Time Password when prompted. If you don't have the password, contact your administrator for the password.
      If successfully disabled, the Agent is disabled message is displayed. For example, on Windows:
    3. To verify that the agent is disabled, run the following command:
      pacli status
      In the command output, the State should be Disabled. For example, on Windows, you should see the following output:
    4. To reenable the agent, run the following command:
      pacli enable

    © 2026 Palo Alto Networks, Inc. All rights reserved.