PAN-SA-2022-0002 Informational: Cortex XDR Agent: Product Disruption by Local Windows Administrator
The Palo Alto Networks Product Security Assurance team is aware of a technique that can enable a local administrator to tamper with the Windows registry to disable the Cortex XDR agent on devices running a Windows operating system.
As a result, critical Windows system services would not be available and normal usage of the device would be disrupted. Please note, the device must be rebooted for this to take effect.
This issue does not have a net security impact on the confidentiality, integrity, or availability of the system. The local Windows administrator is able to disrupt normal usage of the device without this technique.
|Cortex XDR Agent||all on Windows||all on Linux and macOS|
While details of this issue are publicly available, Palo Alto Networks is not aware of any malicious exploitation of this issue.
This tampering is prevented with Cortex XDR agent content update 480 and later content updates.
Workarounds and Mitigations
There is no known workaround available for this issue.