We recently found a few servers were having problems seeing other servers and set out to figure out why. Communication was fine in one direction but not the other (i.e. SERVER1 could talk to SERVER2, but SERVER2 could not talk to SERVER1).

When we say “talk” we mean we could not use UNC paths like \\SERVER1\C$ or even ping in one direction.

We found the Windows Firewall was disabled, Trend AV firewall was disabled, but Cortex XDR was on. After looking though Cortex Management Console we found a few related entries and whitelisted a few behaviors, but even after manually refreshing the settings on the client servers, the problems persisted.

We decided to stop and uninstall Cortex XDR completely, just as a test and, BINGO, the problems went away.

how to disable and uninstall PaloAlto Cortex XDR formerly TRAPS

How To Disable and Uninstall Cortex XDR:

  1. Start a CMD Prompt, PowerShell, or Windows Terminal as an ADMINISTRATOR
  2. Type cytool protect disable and press ENTER
  3. Type in the password
    • The default password for Cortex XDR cytosol is Password1
  4. Wait for the tool to disable the Cortex services
  5. Right Click on the START button and select APPS & FEATURES
  6. Click on CORTEX XDR and click the UNINSTALL button
  7. Click OK/YES button on the Machine Will Need To Be Rebooted To Complete The Uninstall Process popup
    • The machine may need to be rebooted to complete the uninstall BUT it does not need to be rebooted to have Cortex stop blocking whatever it is blocking.
  8. Wait a few minutes to the uninstall to complete


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *