![SWTB_logo_rgb_color_mode-wPadding-2000x961.png]](https://help.softwaretoolbox.com/hs-fs/hubfs/SWTB_General/Images/Press_Kit/SWTB_logo_rgb_color_mode-wPadding-2000x961.png?height=50&name=SWTB_logo_rgb_color_mode-wPadding-2000x961.png){kind=logo}
TOP Server hangs after a Cortex XDR V9.1 update
This article explains a known issue where TOP Server may become unresponsive after an update to Cortex XDR. It also covers the confirmed workaround and possible exclusion-based troubleshooting steps.
After upgrading Cortex XDR to version 9.1 you may see one or more of these symptoms:
- The TOP Server runtime becomes unresponsive
- The runtime cannot be stopped
- The configuration interface cannot connect to the runtime
- An application report cannot be generated
- TOP Server starts normally, but hangs after tag requests begin
Why this happens
This issue appears to be caused by an interaction between Cortex XDR version 9.1 and the TOP Server runtime process.
In affected environments, disabling or downgrading Cortex XDR resolves the lock-up. This indicates the issue is related to endpoint protection behavior in the environment, not a confirmed defect in TOP Server.
Confirmed Resolution
The confirmed workaround is:
- Revert Cortex XDR from version 9.1 to version 9.0
- Disable automatic updates for Cortex XDR so the issue does not return
At this time, this is the only confirmed workaround.
Next Steps
If your organization needs to remain on Cortex XDR version 9.1 or later, contact Palo Alto Networks support.
Ask their team to review the behavior difference between version 9.1 and version 9.0 and confirm whether:
- A product fix is available
- A supported configuration change is available
- Additional exclusions or policy changes are required
Potential exclusions
There is currently no confirmed exclusion list that resolves this issue in every environment.
However, your IT or security team can test whether Cortex XDR exclusions reduce or prevent the issue. This should be treated as a troubleshooting step, not a verified resolution.
Your team may need to:
- Whitelist TOP Server-related processes
- Allow required communication ports
- Confirm local firewall and endpoint protection rules are not blocking runtime communication
Processes to review
TOP Server shares the same service set as Kepware, except for UA Gateway and IoT Gateway, which are not included with TOP Server.
Review these processes and services when testing exclusions:
server_runtime.exeserver_eventlog.execonfig_api_service.exekeysvc.exeopc-ua-gateway-service.exeserver_iotgateway.exeserver_store_and_forward.exeserver_script_engine.exeserver_historian.exeserver_config.exeserver_admin.exeactivationclient.exeopcuacm.exeapplicationreport.exe