Device Security - Cortex XDR Desktop and Mobile Device Support

Palo Alto Cortex XDR is more advanced than a traditional antivirus solution. Cortex is an extended detection and response app that uses real-time detection to respond to malware and other sophisticated attacks while preventing malicious software from running on devices.

Getting Started

If your college or department is using the centrally provided endpoint management tools, your devices should already have Cortex XDR installed. If you are not sure your device is using the centrally provided tools, please reach out to your IT support team to discuss your options. You may also reach out to your campus Help Desk for assistance.

While ITS does not provide direct support for personally owned devices, it is highly recommended that all faculty, staff and students download a free, University-provided personal version of Cortex for use on home computers. 

To download Cortex XDR by Palo Alto for personal devices, click on Cortex for Personal use and download the required version. Additional installation instructions can be found in the installation instruction links to the right.


Students, faculty and staff are eligible for this service.


There is no charge for this service, which is considered a common-good service.


Cortex XDR installers are available for Windows, macOS and Linux.

Additional Information

QUESTION: If I install Cortex on my personal device, can the University monitor the device?
The personal version of Cortex (titled "Cortex PREVENT") provides devices with basic malware prevention services from Palo Alto Networks. The PREVENT license is offered by the University of Nebraska to faculty/staff/students for personal device protection at no additional cost.  PREVENT does not include the advanced forensics or remediation functionality that is included on university-owned devices ("PRO License"). Additionally, a Cortex administrator can NOT initiate remote terminal sessions or view any files on a PREVENT licensed client. Cortex administrators can see basic metadata for personal devices such as the device name, OS version, active username, MAC address, and IP address.  The University of Nebraska maintains the right to deny access to devices detected as participating in activity which violates section 6 of EM 16, regardless of installation of PREVENT license.  As a "common good" service and in real observed cases, personal devices which were compromised and participating in malicious activity unknown to the user have been identified, the user notified, and the PREVENT agent installed to cease the malicious activity and secure the user's personal device.  PREVENT helps maintain a cyber-secure ecosystem for all University network users.