Known Issues in Traps Agent 5.0 - Release Notes - 5.0 - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Traps Agent Release Notes

Product
Cortex XDR
Cortex XDR Agent
Version
5.0
Creation date
2022-09-01
Last date published
2023-06-26
Category
Release Notes

The following table details known issues in Traps agent 5.0 releases.

Issue ID

Description

CPATR-12877

On Windows endpoints, unknown macros in Microsoft Office documents invoke notifications about these files when their verdict is received.

CPATR-12865

On Windows endpoints, post-detection alerts for Microsoft Office files that contain a macro are not retrievable from the management server.

CPATR-10614

The Traps agent does not create a post-detection event when it receives from WildFire a malware verdict for a macro file that had a previous non-malware verdict.

CPATR-9702

On endpoints running Windows Embedded POSReady 2009, the Traps agent 5.0.10 sometimes halts when:

  • The Traps console is open on the endpoint before the agent applies the policy.

  • The Traps agent is running on the endpoint and attempting to update the Traps console (for example change the protection status or check-in info) while the console is closed, however it was previously open on the endpoint.

The recommended workaround for this issue is:

  1. Close the Traps console on the endpoint.

  2. Delete the TrapsAgent_XXX.txt file from C:\Documents and Settings\All Users\Application Data\Cyvera\Everyone\Ipc.

  3. Restart CyveraService.exe using Cytool:

    1. Cytool runtime stop cyveraservice

    2. Cytool runtime start cyveraservice

Note

Before you install or upgrade the Traps 5.0.10 agent on an endpoint running Windows Embedded POSReady 2009, see Changes to Default Behavior in Traps Agent 5.0.10

CPA-3352

This issue is now resolved. See Addressed Issues in Traps Agent 5.0.6.

On endpoints running Windows 10 Insider Preview, the Windows Defender Security Center displays Virus & threat protection as Unknown and displays Status unavailable for Traps even though Traps successfully registers with the Security Center and is available.

CPA-2814

This issue is now resolved. See Addressed Issues in Traps Agent 5.0.3.

When you install Traps on a Linux endpoint and multiple OpenSSL Red-hat Package Manager (RPM) packages are installed, installation fails.

Workaround: Remove any extra OpenSSL packages from the Linux server.

CPA-2681

This issue is now resolved. See Traps Agent 5.0.1 Addressed Issues.

Clicking Check In Now in the Traps agent console disconnects the agent from the Traps management service after you configure a malware profile with a Parent Process Name that exceeds 250 characters (ProfilesWindows<malware_profile>).

CPA-1942

This issue is now resolved. See Traps Agent 5.0.1 Addressed Issues.

When you first install the Traps agent, the Traps management service can take up to one hour to display the associated content and agent version. As a result, the Dashboard can misreport the content version as outdated.

CPA-1861

This issue is now resolved. See Addressed Issues in Traps Agent 5.0.4.

When device details such as username, user domain, and hostname change on an endpoint, the Traps management service can take up to five minutes to display the updated details after the endpoint restarts.

CPA-1768

This issue is now resolved. See Addressed Issues in Traps Agent 5.0.4.

When a remote user logs into a Remote Desktop Server, the Traps does not capture the name of the remote user. As a result, when a security event occurs, the user is identified in logs as undefined.

CPA-1278

When you configure a hash exception for a file that local analysis reported as malware, the Traps agent overrides the WildFire verdict of Unknown with Benign in the local cache instead of waiting for the official WildFire verdict.