Vesta - Unable to uninstall Cortex XDR Due to "Tamper Protection is Enabled" Error


Symptom(s)

The error message "Tamper protection is enabled" appears when trying to uninstall the Cortex XDR software during a Windows OS upgrade.

Uninstalling Cortex XDR is part of the Windows OS upgrade procedure.

Resolution

A 30-CHARACTER PASSWORD FROM ACTIVE EYE IS NEEDED TO COMPLETE THIS TASK

The cytool.exe utility is used to disable tamper protection so that the program can be uninstalled.

1. Open CMD in Administrator mode and navigate to the file path C:\Program Files\Palo Alto Networks\Traps
2. Run the following command: "cytool protect disable"
3. Enter the 30-character password received from Active EYE
4. Once the correct password is entered, a message is displayed stating that tamper protection has been disabled
5. Reboot the machine. Cortex XDR should be removed.
6. Check in Windows (Program Files, Uninstall) whether it has been removed. If it is still there, uninstall the program.
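
The check in step 6 can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original article or of Palo Alto Networks tooling; it assumes the uninstall entry's display name contains "Cortex XDR" and uses the install path from step 1.

```powershell
# Added example: verify step 6 (is Cortex XDR still installed?).
# Assumption: the uninstall entry's DisplayName contains "Cortex XDR".
$installDir  = 'C:\Program Files\Palo Alto Networks\Traps'   # path from step 1
$namePattern = '*Cortex XDR*'                                # assumed display name

# Standard Windows uninstall registry locations (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect any uninstall entries that match the product name.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $namePattern } |
    Select-Object DisplayName, DisplayVersion, UninstallString

# Leftover files can remain even when the uninstall entry is gone.
$dirPresent = Test-Path -LiteralPath $installDir

if ($entries) {
    Write-Output 'Cortex XDR is still registered as installed:'
    $entries | Format-List
    Write-Output 'Uninstall it from Windows as described in step 6.'
} elseif ($dirPresent) {
    Write-Output "No uninstall entry found, but $installDir still exists (leftover files)."
} else {
    Write-Output 'Cortex XDR is no longer installed.'
}
```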