From the Cortex XDR management console, you have full visibility into the XDR agent operational status on the endpoint, which indicates whether the agent is providing protection according to its predefined security policies and profiles. By observing the operational status on the endpoint, you can identify when the agent may suffer from a technical issue or misconfiguration that interferes with the agent’s protection capabilities or interaction with Cortex XDR and other applications. The XDR agent reports the operational status as follows:
Protected—Indicates that the XDR agent is running as configured and did not report any exceptions to Cortex XDR.
Partially protected—Indicates that the XDR agent reported one or more exceptions to Cortex XDR.
Unprotected—Indicates the XDR agent is not enforcing protection on the endpoint.
Local Resource Impact—indicates that the XDR agent machine resources currently available for use, are not enough for the agent to operate smoothly.
You can monitor the Cortex XDR agent Operational Status in → . If the Operational Status field is missing, add it.
The operational status that the agent reports varies according to the exceptions reported by the XDR agent.
(Windows, Mac, and Linux) Indicates all protection modules are running as configured on the endpoint.
Windows, Mac, and Linux:
Local Resource Impact
Windows, Mac, Linux
In addition to the status, either one of the following sub-statuses appear:
Status can have the following implications on the endpoint: