Prisma Access Agent HIP Exclusion, Patch Exception, and HIP Retry
Prisma Access Agent provides HIP exclude categories, patch exceptions, and automatic
retry to improve compliance checking performance and reduce false failures.
Organizations deploying Prisma® Access Agent might face performance issues related to
host information profile (HIP) data collection and reporting, such as:
- Collecting data from HIP compliance categories that are not required by your
organization
- False HIP failures from frequent security updates with identical KB
identifiers
- Unreliable report delivery due to network connectivity problems
You can now configure enhanced HIP capabilities to resolve these issues through
three improvements:
- The Exclude Categories feature allows you to skip data collection for entire
compliance categories like patch management or anti-malware, reducing
processing overhead when certain checks are not relevant to your security
requirements.
- You can configure patch exceptions to exclude specific security patches
either permanently or temporarily by specifying KB article IDs, eliminating
false failures from routine security updates.
- The HIP retry functionality automatically resubmits HIP reports when initial
transmission fails due to network connectivity issues, performing up to
three retry attempts with full logging to ensure reliable data delivery to
gateways.
These enhancements reduce administrative overhead while supporting Zero Trust Network
Access requirements across Windows and macOS platforms.