Use Prisma Access Agent Anti-Tamper Protection
Learn how anti-tamper protection affects your interactions with Prisma Access Agent
and how to perform common tasks when protection is enabled.
When your administrator has enabled anti-tamper protection for Prisma Access Agent, certain operations require additional authentication. This protection prevents unauthorized changes to the agent's critical files, services, and settings, maintaining the security and integrity of your device connection to Prisma Access.
Anti-tamper protection is transparent during normal operations—you can continue to use your device and applications as usual without interruption. The protection only affects attempts to modify, disable, or uninstall the Prisma Access Agent itself.
When You Will Encounter Anti-Tamper Protection
You might encounter anti-tamper protection when attempting to:
- Disable the Prisma Access Agent temporarily
- Uninstall the Prisma Access Agent from your device
- Modify or restart Prisma Access Agent services
- Change Prisma Access Agent files or registry settings
When you attempt any of these operations, depending on your administrator's
configuration, the Prisma Access Agent app might request a password or one-time
password (OTP).
Disabling the Agent Temporarily
If you need to temporarily disable the Prisma Access Agent (for example, when
troubleshooting network issues), your experience will depend on how your
administrator has configured anti-tamper protection:
- If set to Allow: You can disable the agent without any
password by clicking the Disable options in the agent app
or using the appropriate command-line instruction.
- If set to Allow with One Time Password: You will need to
enter a valid one-time password when prompted. Your IT administrator or help
desk must provide this password.
- If set to Disallow: The Disable
option won’t be visible in the agent app. Contact your IT administrator if you
need the agent disabled.
If the agent is temporarily disabled, it will automatically re-enable after a
period set by your administrator (typically 30 minutes).
Uninstalling the Agent
When anti-tamper protection is enabled and you attempt to uninstall the Prisma Access Agent:
- On Windows: Navigate to , select Prisma Access Agent, and click
Uninstall.
- On macOS: Run the following command:
/Applications/Prisma\ Access\ Agent.app/Contents/Helpers/uninstaller
- For both Windows and macOS: When prompted, enter the Uninstall OTP provided by
your IT administrator.
If you don't have the proper OTP, the uninstallation won’t proceed. Contact your IT
support team for assistance.
Obtaining a Password or OTP
When you need to perform an operation that requires authentication, you will need to
contact your IT support team or help desk. They can generate the appropriate
password or OTP for your specific device and the operation you need to perform.
OTPs are typically:
- Unique to your device
- Valid for only one use
- Specific to the operation you need to perform
Your IT team might use different distribution methods to share the OTP with you, such
as secure messaging, phone calls, or ticketing systems.
After Using an OTP
After using a Privileged Access OTP to perform an operation, you will have temporary
access to perform additional privileged operations without reentering a password.
Your administrator sets the temporary access period (typically 30 minutes).
During this period:
- You can perform additional privileged operations without reentering a
password
- The system will notify you approximately five minutes before this privileged
access expires
- After the access period expires, you will need a new OTP for any additional
privileged operations
You can check the status of your temporary access period by running the pacli status command in a terminal window, which will display the expiration time if privileged access is active.
Troubleshooting
If you encounter issues with anti-tamper protection:
- Invalid password message—Ensure you're entering the correct OTP for your
specific device and operation. OTPs are case-sensitive and must be entered
exactly as provided.
- Operation still blocked after entering OTP—The OTP might have expired or
already been used. Contact your IT support team for a new OTP.
- No prompt for password when expected—Your administrator might have
configured anti-tamper protection differently than you expected. Contact your IT
support for clarification.
- Emergency situations—If you need urgent assistance, especially in cases
where network connectivity is limited, inform your IT support team. They have
access to emergency authentication methods for critical situations.
All attempts to use OTPs—both successful and unsuccessful—are logged and may be reviewed by your security team.