Cortex XDR agent compatibility with third-party security products

Cortex XDR Compatibility Matrix

Product: Cortex XDR
Creation date: 2024-05-27
Last date published: 2025-06-26
Category: Compatibility Matrix
Abstract

Review the considerations related to third-party security software integration with Cortex XDR software.

This information outlines important considerations regarding the integration of third-party security software with Cortex XDR agent software. The following tables detail security products that have known limitations or require specific additional actions to ensure proper integration with Cortex XDR agents.

It is important to note that while other third-party applications may be compatible with Cortex XDR agents, Palo Alto Networks has not conducted compatibility testing on these products. Customers who intend to install such applications alongside Cortex XDR agents are advised to perform thorough internal testing to ensure there are no conflicts or performance issues.

Should you encounter any problems during the integration process with any third-party security software, please contact your support team for assistance.

Third-party Windows security applications

| Application Name | Limitations |
| --- | --- |
| CrowdStrike Falcon | Note that there may be performance implications that cannot be predicted due to usage of multiple applications simultaneously. |
| Microsoft Defender | If a Cortex XDR agent is running alongside Microsoft Defender on endpoints running Windows Server editions, we recommend setting Defender to Passive mode. Note that there may be performance implications that cannot be predicted due to usage of multiple applications simultaneously. |
| Trellix McAfee Solidcore/Solidifier | Running exploit protection and Solidcore/Solidifier in parallel is not supported. All other malware protection functionality—such as local analysis, WildFire analysis, and restriction rules—works as expected. Note that there may be performance implications that cannot be predicted due to usage of multiple applications simultaneously. |
| SentinelOne Singularity XDR | Note that there may be performance implications that cannot be predicted due to usage of multiple applications simultaneously. |

Third-party Mac security applications

| Application Name | Limitations |
| --- | --- |
| Symantec Endpoint Protection (SEP) | Uninstalling or upgrading Cortex XDR agent on Mac endpoints with SEP installed is not supported. |

Third-party Linux security applications

| Application Name | Limitations |
| --- | --- |
| SELinux | Because SELinux collides with the agent injection mechanism, injection-based security modules (ROP Mitigation and Brute Force Protection) are disabled when SELinux is enabled. All other exploit and malware protection functionality works as expected. No user action is required. |
| Symantec | Running Symantec Kernel Module on Linux machines side by side with Cortex XDR is not supported. |
| McAfee | Running McAfee Kernel Module on Linux machines side by side with Cortex XDR causes the Cortex XDR agent to run without the Kernel Module, so the endpoint is only partially protected. It is recommended to have the McAfee KM disabled. |