Cortex XDR Supported Kernel Module Versions by Distribution
To enable full endpoint protection features on Linux endpoints, you must use a supported Linux kernel version.
On Linux endpoints, to perform malware analysis of Executable and Linkable Format (ELF) files and collect data for endpoint detection and response (EDR) and behavioral threat analysis, the Cortex® XDR™ agent requires Linux kernel 3.4 or a later version. If you deploy the Cortex XDR agent on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode, where:
- Continuous event monitoring required for Behavioral Threat Protection is disabled.
- Sharing endpoint activity data with Cortex apps is disabled.
- The Local Privilege Escalation Protection module is disabled.
- Alert indicators, such as file path or hash, can be missing for processes with a very short lifespan.
- ELF file examination occurs in parallel with the file execution. If the Cortex XDR agent obtains a malware verdict for the file, it terminates the file execution. Security events for malware in asynchronous mode are assigned a high severity due to the potential for continued execution during the verdict request (security events in synchronous mode are medium severity).
- Starting with Cortex XDR agent 7.5, Reverse Shell protection is disabled.
- All other exploit and malware protection is enabled per your Linux Security policy rules.
For Cortex XDR agent 7.1 and later versions, in addition to deploying on a supported kernel version, you must ensure it is possible to load third party modules by disabling UEFI SecureBoot; otherwise, the Cortex XDR agent will operate in asynchronous mode.
Beginning with Cortex XDR agent 7.1, changes to the kernel module versions are distributed with content updates. For earlier Cortex XDR agent releases, changes to the kernel module versions are distributed with the agent releases.
Latest Kernel Module Version Support
Cortex XDR agent 7.1 and later versions support the following kernel module versions as of content update 197-69987.
Supported Kernel Versions
Recommended For You
Recommended videos not found.