Endpoint Detection and Response (EDR) Agent Support Lifecycle

This article defines the support lifecycle for Endpoint Detection and Response (EDR) agents deployed at Stephen F. Austin State University. It identifies which EDR agent versions are supported by the vendor, supported by ITS, or no longer supported, and provides guidance for maintaining endpoint security, stability, and compliance. While the current EDR platform is Palo Alto Networks Cortex XDR, the lifecycle framework outlined in this article applies to any EDR solution approved for use by the

General Information

This article defines the support lifecycle for Endpoint Detection and Response (EDR) agents used at Stephen F. Austin State University.

Maintaining supported EDR agent versions is required to ensure effective threat detection and response, reduce exposure to unpatched vulnerabilities, maintain system stability, and support compliance with university policies and applicable regulatory requirements.

When available, ITS references vendor-published lifecycle documentation to align institutional support decisions with vendor recommendations.

EDR Agent Lifecycle Phases

Status	Description
Testing	The version is being evaluated by ITS and is not approved for general production use.
Supported	The version is vendor-supported, approved by ITS, and permitted for use on university systems.
Limited Support	The version may still function, but upgrade is recommended due to age, vendor guidance, compatibility concerns, or upcoming support changes.
Unsupported	The version is no longer supported or approved for use and must be upgraded or removed unless an exception has been approved.

Upgrade Requirements

Devices running unsupported EDR agent versions must be upgraded to a supported version within 30 days of the version being classified as unsupported unless an exception has been approved by ITS Security.

Enforcement

Devices running EDR agent versions below the minimum supported version are considered non-compliant with university security standards.

Systems running unsupported EDR agents may be subject to security or remediation actions, including but not limited to:

• Network access restrictions
• Security control enforcement
• Endpoint isolation or containment
• Forced upgrade or remediation by ITS
• Removal or replacement of the unsupported agent version

Responsibilities

Role	Responsibility
ITS Security	Maintains lifecycle information, evaluates new EDR agent versions, reviews exceptions, and coordinates remediation.
Departments and System Owners	Ensure assigned systems remain compliant with supported EDR agent versions and coordinate upgrades when needed.
End Users	Must not disable, remove, bypass, or interfere with the EDR agent installed on university systems.

Exception Process

Exceptions to the EDR agent support lifecycle must be reviewed and approved by ITS Security. Exception requests should include:

• Business justification
• System or endpoint details
• Risk acknowledgment
• Compensating controls, if applicable
• Expected remediation or upgrade timeline

Vendor Reference

• Cortex XDR Agent Compatibility and Installation Information

Support Status Legend

The legend below explains how EDR agent versions are categorized for support purposes.

To simplify lifecycle management, ITS defines a minimum supported EDR agent version. Versions earlier than 8.9.x are considered unsupported and must be upgraded.

Category	Version	Status	Required Action
Current Version	9.1	Supported	No action required.
Minimum Supported Version	8.9.x	Supported	Upgrade recommended to latest version.
Legacy Versions	< 8.9.x	Unsupported	Upgrade required.

Review Cycle

ITS reviews the EDR agent support lifecycle at least quarterly or when major vendor support, compatibility, or security guidance changes occur.

Questions or Assistance

Contact the IT Help Desk at (936) 468-4357 (HELP) for questions or assistance.