Installing Cortex XDR on macOS

Summary

Provides installer and instructions for Cortex XDR on macOS.

Body

The current version of Cortex XDR can be installed on supported versions of macOS. The University has licensed Cortex XDR for university-owned devices ONLY. This article describes how Cortex XDR can be installed on your Mac device.

If your device is enrolled in device administration, Cortex XDR can be installed via Company Portal.  For non-administered devices, or shared Mac's (no primary user), follow the manual instructions below.

Cortex XDR cannot be automatically installed via Intune since the installation requires some manual steps to grant security and enter an ID for check-in.

Administered Devices - Installation via Company Portal

Step1: Initial Install using Company Portal

Prerequisites

  1. The device must have a primary user and have Company Portal installed and working. This procedure will not work on Macs without identity affiliation.
  2. You must have an administrator account and password.

The way to start the install for Cortex XDR, is to use the Company Portal.

  1. Open Company Portal from the Finder.
    (If you don't have Company Portal installed, consider adding your computer into device management. Otherwise, follow the Manual Installation instructions below.)
     
  2. Search for Cortex.
     
  3. Click the Cortex XDR app.
     
  4. Click Install. The device will sync, download and install the Cortex software. This process can take a significant amount of time; when it is complete you will see the Install button change to Re-install

 

Step 2: Post install configuration

Cortex requires extra permissions to properly protect a device. If you run into difficulty with these steps, please reach out to IT Services and we can walk you through it remotely. 

To begin the post install configuration. Click the Cortex icon in the top menu bar and choose. Open Console. You will see a screen that shows Unprotected. Choose Open configuration wizard:

 

Allow System Extensions:

You will receive a prompt that system extensions are being blocked, if this prompt didn't come up, skip this step for now. When the prompt comes up follow the steps below:

  1. Click Open Security Preferences
  2. Click on the lock to enable the details button
  3. Click on Details
  4. Choose both Cortex XDR options and click OK

 

Allow Network Filters:

You will receive a prompt that Cortex would like to Filter Network Content, if this prompt didn't come up, skip this step for now. When the prompt comes up be sure to click Allow

Uploaded Image (Thumbnail)

 

Allow Full Disk Access:

You will receive a prompt that Cortex {prompt}, if this prompt didn't come up, skip this step for now. When the prompt comes up follow the steps below:

  1. Open Security and Privacy settings
  2. Click on the lock to enable changes
  3. Click on Full Disk Access
  4. Click on the check boxes next to pmd and TrapsSecurityExtension

 

Allow Cortex Agent Notifications

You will receive a prompt in the top right Cortex XDR Agent Notifications, if this prompt didn't come up, skip this step for now. When the prompt comes up be sure to click Allow

Connect Cortex to the University's Administration console

The final step is to connect the Cortex app to the Administration Console.

  1. Open a terminal window by clicking GO --> Utilities and then clicking Terminal
  2. Copy and Paste the following command and press enter Note: it is all one line but might appear to take up multiple lines on your screen. Be sure to copy the whole command completely
  3. echo Password1 | sudo "/Library/Application Support/PaloAltoNetworks/Traps/bin/cytool" reconnect force 02886999d5024322ae81e9948b238643; sleep 5; "/Library/Application Support/PaloAltoNetworks/Traps/bin/cytool" checkin
  4. The terminal will prompt you for your device password. enter it and press enter
  5. You will see the message "Run checkin as sudo" 

Your installation is now complete. The checkin process will cause any prompts you haven't yet seen to display. Follow the steps for each as documented above.

Non-Administered Devices - Manual Installation

Prerequisite - you will need the assistance of a campus computer technician.

  1. Download the installer file from the Campus Computer Technicians Team.
     
  2. Find the downloaded file. It will likely appear on the right-side of the Dock.
     
  3. Install the file as appropriate for your version of macOS.

 

Older Versions

There may be an older build of Cortex XDR available that will run on older macOS versions. Open a ticket with the Service Desk with a request to review if there is an option for your operating system version.

 

More Information

Full instructions are available on the Palo Alto Networks Cortex site at this link:
Install the Cortex® XDR™ Agent Manually (paloaltonetworks.com)

 

Details

Details

Article ID: 147701
Created
Wed 11/9/22 4:07 PM
Modified
Mon 4/17/23 4:16 PM

Related Articles

Related Articles (1)

Cortex XDR Endpoint Protection and Response
Cortex XDR is the new campus endpoint protection / antivirus solution.