Services, Drivers, and Processes
Cortex XDR installation log
Specifies any errors encountered during installation of agent components. Use this log file when you need to troubleshoot installation issues. On Windows endpoints, the installer stores the log files in the
Cortex XDR agent service log
Indicates information, warnings, and errors related to the Cortex XDR. The Service log is located in the following folder on the endpoint:
Cortex XDR agent console log
Indicates information, warnings, and errors related to the agent console. The Console log is located in the following folder on the endpoint:
Supervisor Command Line Tool (cytool.exe)
Allows you to manage agent features and perform advanced troubleshooting on the local endpoint from a command line interface. For more information, see Cytool for Windows.
Unknown files for analysis
The agent stores unknown files to send to Cortex XDR in the
In some cases, third-party Antivirus (AV) applications raise an alert for this folder. If this occurs, we recommend that you whitelist this folder in the third-party AV application.
Cortex XDR Health Helper
Improves the upgrade process of the Cortex XDR agent, which monitors the machine at startup and initiates an upgrade rollback in case of a failed upgrade. As upgrades have multiple re-tries, the next try works on the agent of its original version with no interference. The service only runs at startup and remains in pause mode during other times. To ensure this service is not removed, a periodic task would re-instate the process in case it was removed.