>
    Strata Copilot
    Use Prisma Access Agent Anti-Tamper Protection
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Agent
    3. Prisma Access Agent for Desktop Devices
    4. Use Prisma Access Agent Anti-Tamper Protection
    Download PDF
    Prisma Access Agent

    Use Prisma Access Agent Anti-Tamper Protection

    Table of Contents

    Use Prisma Access Agent Anti-Tamper Protection

    Learn how anti-tamper protection affects your interactions with Prisma Access Agent and how to perform common tasks when protection is enabled.
    Where Can I Use This?What Do I Need?
    • Prisma Access Agent
    • Minimum Prisma Access Agent version: 25.4
    • macOS 14 and later or Windows 10 version 2024 and later desktop devices
    • Internet access
    When your administrator has enabled anti-tamper protection for Prisma Access Agent, certain operations require additional authentication. This protection prevents unauthorized changes to the agent's critical files, services, and settings, maintaining the security and integrity of your device connection to Prisma Access.
    Anti-tamper protection is transparent during normal operations—you can continue to use your device and applications as usual without interruption. The protection only affects attempts to modify, disable, or uninstall the Prisma Access Agent itself.

    When You Will Encounter Anti-Tamper Protection

    You might encounter anti-tamper protection when attempting to:
    • Disable the Prisma Access Agent temporarily
    • Uninstall the Prisma Access Agent from your device
    • Modify or restart Prisma Access Agent services
    • Change Prisma Access Agent files or registry settings
    When you attempt any of these operations, depending on your administrator's configuration, the Prisma Access Agent app might request a password or one-time password (OTP).

    Disabling the Agent Temporarily

    If you need to temporarily disable the Prisma Access Agent (for example, when troubleshooting network issues), your experience will depend on how your administrator has configured anti-tamper protection:
    • If set to Allow: You can disable the agent without any password by clicking the Disable options in the agent app or using the appropriate command-line instruction.
    • If set to Allow with One Time Password: You will need to enter a valid one-time password when prompted. Your IT administrator or help desk must provide this password.
    • If set to Disallow: The Disable option won’t be visible in the agent app. Contact your IT administrator if you need the agent disabled.
    If the agent is temporarily disabled, it will automatically re-enable after a period set by your administrator (typically 30 minutes).

    Uninstalling the Agent

    When anti-tamper protection is enabled and you attempt to uninstall the Prisma Access Agent:
    1. On Windows: Navigate to Control PanelProgramsUninstall a Program, select Prisma Access Agent, and click Uninstall.
    2. On macOS: Run the following command:
      /Applications/Prisma\ Access\ Agent.app/Contents/Helpers/uninstaller
    3. For both Windows and macOS: When prompted, enter the Uninstall OTP provided by your IT administrator.
    If you don't have the proper OTP, the uninstallation won’t proceed. Contact your IT support team for assistance.

    Obtaining a Password or OTP

    When you need to perform an operation that requires authentication, you will need to contact your IT support team or help desk. They can generate the appropriate password or OTP for your specific device and the operation you need to perform.
    OTPs are typically:
    • Unique to your device
    • Valid for only one use
    • Specific to the operation you need to perform
    Your IT team might use different distribution methods to share the OTP with you, such as secure messaging, phone calls, or ticketing systems.

    After Using an OTP

    After using a Privileged Access OTP to perform an operation, you will have temporary access to perform additional privileged operations without reentering a password. You administrator sets the temporary access period (typically 30 minutes).
    During this period:
    • You can perform additional privileged operations without reentering a password
    • The system will notify you approximately five minutes before this privileged access expires
    • After the access period expires, you will need a new OTP for any additional privileged operations
    You can check the status of your temporary access period by running the pacli status command in a terminal window, which will display the expiration time if privileged access is active.

    Troubleshooting

    If you encounter issues with anti-tamper protection:
    • Invalid password message—Ensure you're entering the correct OTP for your specific device and operation. OTPs are case-sensitive and must be entered exactly as provided.
    • Operation still blocked after entering OTP—The OTP might have expired or already been used. Contact your IT support team for a new OTP.
    • No prompt for password when expected—Your administrator might have configured anti-tamper protection differently than you expected. Contact your IT support for clarification.
    • Emergency situations—If you need urgent assistance, especially in cases where network connectivity is limited, inform your IT support team. They have access to emergency authentication methods for critical situations.
    All attempts to use OTPs—both successful and unsuccessful—are logged and may be reviewed by your security team.

    © 2025 Palo Alto Networks, Inc. All rights reserved.