End-of-Life (EoL)
Addressed Issues in Traps Agent 6.1
The following tables lists the issues that were addressed
in Traps agent 6.1 releases.
Addressed Issues in Traps Agent 6.1.9-hotfix (Windows)
Issue ID | Description |
---|---|
CPATR-16539 | Fixed an issue addressing vulnerability CVE-2022-0778 |
Addressed Issues in Traps Agent 6.1.9
Issue ID | Description |
---|---|
CPATR-14729 Windows ) | Fixed an issue where some processes may
crash while the DLL Security module is enabled. |
CPATR-13480 ( Windows ) | Fixed security issue. |
CPATR-13408 ( Windows ) | Fixed security issue. |
CPATR-13405 ( Windows ) | Fixed security issue. |
CPATR-12633 ( Windows ) | Fixed security issues. |
CPATR-14729 ( Windows ) | Fixed an issue where sec.dll files
might crash some Windows processes. |
CPATR-14258 ( Windows ) | Fixed an issue where multiple report responses
may cause high CPU on the agent. |
Addressed Issues in Traps Agent 6.1.7/8-hotfix
The following has been addressed in this release for
build numbers:
Windows - 6.1.8.40522 Mac - 6.1.7.1689 Linux - 6.1.7.39973
Feature | Description |
---|---|
CPATR-14895 | Fixed an issue where Cortex XDR agents running without
trusting certificates “GlobalSign Root CA” may encounter issues
downloading upgrade packages and content updates, and may also affect
large scans verdict retrieval. |
Addressed Issues in Traps Agent 6.1.8
Issue ID | Description |
---|---|
CPATR-12649 ( Windows ) | Fixed an issue where the Traps agent did not detect
the existence of a macro within a Microsoft Office document. |
CPATR-12713 ( Windows ) | Fixed an issue where post-detection of macro-contained
Microsoft Office files was not reported to the Cortex XDR management server. In
a post-detection of a macro-contained file, the Traps agent does
not terminate the source process, regardless of the applied Malware
Profile. |
CPATR-12009 ( Windows ) | Fixed an issue where the agent did not analyze
the macro content within a Microsoft Office document. |
CPATR-11927 | Addressed security issues. |
Addressed Issues for Traps Agent 6.1.7-hotfix (Mac &
Linux)
Issue ID | Description |
---|---|
CPATR-16539 | Fixed an issue addressing vulnerability CVE-2022-0778 |
Addressed Issues in Traps Agent 6.1.7
Issue ID | Description |
---|---|
CPATR-11311 ( Windows ) | Fixed an issue on Windows endpoints where the Traps
agent did not detect the existence of a macro within a Microsoft
Office document. |
CPATR-10622 | On Linux endpoints connected to Cortex XDR through
a proxy, fixed an issue where the Traps agent attempted to resolve
DNS requests directly without using the proxy. |
CPATR-10042 | On endpoints connected to Cortex XDR through a
proxy, fixed an issue where after upgrading to Cortex XDR agent
7.1 release, the agent failed to register due to incorrect timeout
settings. |
CPATR-9972 | Fixed an issue where the Traps agent failed
to connect to the server when using an invalid ID, even with the Cytool reconnect force command. |
CPATR-9871 | Addressed security issues. |
CPATR-9718 ( macOS ) | Fixed a performance issue that occurred on
Mac endpoints running heavy script loads. |
CPATR-9134 | Fixed an issue where the Traps agent failed
to collect log files when executing the Cytool log collect command
from a LocalSystem account. |
CPATR-9082 ( Linux ) | Fixed a compatibility issue where the Traps agent
installation failed on Linux endpoints with preloaded libraries ( LD_PRELOAD and /etc/ld.so.preload ). |
CPATR-9008 | On endpoints connected to Cortex XDR through a
proxy, fixed an issue where multiple requests to get verdicts from
WildFire® would hang if the activity mode of the proxy was changed. |
CPATR-8763 ( Windows ) | On Windows endpoints, fixed compatibility issues
with the scanning of CSVFS volumes. |
CPATR-8533 ( Linux ) | Removed unnecessary error messages from the log
files on Linux endpoints. |
CPATR-8488 | Fixed an issue where the Traps agent reported an
empty status to Cortex XDR, if the status reporting occurred immediately
after agent startup on the endpoint. |
CPATR-8244 | Fixed an issue where Cytool erroneously reported
running services as stopped on a Linux endpoint running non XSI-conforming
PS binary (pre-2014). |
Addressed Issues in Traps Agent 6.1.6
Issue ID | Description |
---|---|
CPATR-8988 | Fixed a race condition between the Cortex XDR agent
injector and certain processes running on the endpoint which could
cause the processes to hang during startup. |
Addressed Issues in Traps Agent 6.1.5-h1
Issue ID | Description |
---|---|
CPATR-8891 ( Windows ) | Palo Alto Networks strongly
recommends that you upgrade your operating system as soon as possible
and follow Microsoft Security Advisory statement regarding
vulnerability CVE-2020-0796. |
Addressed Issues in Traps Agent 6.1.5
Issue ID | Description |
---|---|
CPATR-8459 | Fixed an issue where the content update failed on
the endpoint due to network issues, and the agent policy was being
updated even though the content update did not contain policy updates. |
CPATR-8404 | Fixed an issue where the Ransomware Protection
module accessed certain file objects from invalid execution contexts,
causing processes running on the endpoint to halt or consume high
CPU. |
CPATR-8403 and CPATR-8131 | Fixed a race condition between the Cortex XDR agent
injector and certain Syslog and DL processes running on the endpoint
which could cause the processes to hang during startup. |
CPATR-8353 | Extended the Cytool log collect timeout from two
minutes to ten minutes to support the collection of large log files. |
CPATR-8305 | To prevent license leakage, now Cortex XDR
will prevent the re-registration of a Golden image instance until
a user logs on. |
CPATR-8157 | Addressed security issues. |
CPATR-8063 | Fixed an issue where the security module was set
to notify, however security_events.db reported
the process as failed to terminate (Target process termination: Yes (Failed) ). |
CPATR-7995 | Now when the agent settings profile on the endpoint
is set to hide the Cortex XDR agent tray icon on the endpoint, the
icon will be hidden already when the user logs on or reboots the
machine, and not only after the first agent heartbeat. |
CPATR-7962 | Fixed an issue where the VDI instance created from
a Golden image that included proxy configuration did not receive
the proxy configuration. |
CPATR-7798 ( macOS ) | Fixed an issue where you could not restore
a quarantined file to a custom location using Cytool on a Mac endpoint
running macOS10.15. |
Addressed Issues in Traps Agent 6.1.4-h1
Issue ID | Description |
---|---|
CPATR-8342 ( Windows 10 ) | For all Windows 10
endpoints Palo Alto Networks strongly recommends that you upgrade
to the latest Windows Update that has a fix for vulnerability CVE-2020-0601. For
Traps agents running on unpatched Windows 10 endpoints, this version
includes a hotfix to address vulnerability CVE-2020-0601. When
there is an attempt to exploit CVE-2020-0601 on an unpatched Windows
10 endpoint, the Behavioral Threat Protection (BTP) module will
detect and terminate the malicious executable. This capability
is available in Traps management service and requires build 6.1.4.32252
and content update 93. If you are using Cortex XDR, Palo Alto Networks
plan to have a similar fix in the next maintenance release for the
Cortex XDR 7.0 agent. |
Addressed Issues in Traps Agent 6.1.4
Issue ID | Description |
---|---|
CPATR-7911 ( Linux ) | Fixed an issue on Linux endpoints
related to exploit protection modules and Traps services where spikes
or continuous loading of processes on a system event led to the
Traps agent being out of sync with the Linux server state regarding
processes and permissions. |
CPATR-7900 | Fixed an issue that occurred after a malware scan
completed where Traps reported duplicate scan completion events
to Traps management service. |
CPATR-7864 ( Windows ) | Fixed an issue on Windows endpoints where the DLL
hash calculation caused high memory consumption on the endpoint. |
CPATR-7852 ( Windows ) | Fixed an issue on Windows endpoints where Traps
could not generate a Tech Support File if you use Roaming User Profiles. |
CPATR-7669 | Fixed an issue that occurred during a Live Terminal
session where you could not explore the file system if an exception
occurred during data retrieval. |
CPATR-7663 ( Linux ) | Fixed an issue on Linux endpoints where Traps reported
that Ubuntu 12 was incompatible with the kernel module. |
CPATR-7487 ( Windows ) | Fixed an issue on Windows endpoints where installing,
upgrading, or uninstalling the Traps agent software did not complete
when services took longer than 30 seconds to start or stop. |
CPATR-6918 ( Windows ) | Fixed an issue on Windows endpoints where Live
Terminal configurations were not protected by Agent Tampering Protection. |
Addressed Issues in Traps Agent 6.1.3
Issue ID | Description |
---|---|
CPATR-7635 | Fixed a memory leak that occurred on specific network
hardware during event collection of network events. |
CPATR-7577 ( Linux ) | Fixed an issue where ESM environments migrating
to Traps management service cloud-based environments could not install Traps
agent version 6.1.2 on Linux endpoints. Now in version 6.1.3, you
can create an Upgrade from ESM agent installation
package for Linux in Traps management service, upload it to ESM,
and send out to all your agents for upgrade. |
CPATR-7575 | Fixed a compatibility issue with Traps and MicrosoftAppV,
which caused the endpoint to become unresponsive sometimes. |
CPATR-7545 | Fixed an issue in the Traps upgrade process
on Linux endpoints, where you had to restart the agent after Traps
upgrade in order for the new kernel module to be updated. |
CPATR-7509 ( Windows ) | Fixed an issue on Windows endpoints, where sometimes
the Traps agent would time-out during certain file operations. |
CPATR-7420 | Fixed a performance issue that occurred when event-log
messages were parsed without caching. |
CPATR-7419 ( Linux ) | Fixed an issue on Linux endpoints, where injecting
into processes caused them to hang. |
CPATR-7408 ( Windows ) | Fixed an issue where Windows endpoints overloaded
the endpoint kernel stack and became unresponsive if a large number
of drivers, including Traps, attempted to load at the same time. |
CPATR-7402 | Fixed a performance issue that occurred due
to redundant file calls when Traps tampering protection was enabled. |
CPATR-7397 | Fixed a compatibility issue where an agent running
Traps version 6.1.2 could not connect to the Traps management service
if the Palo Alto Networks firewall deployed in the environment was
set to enable SSL Decryption. |
CPATR-7396 ( macOS ) | Fixed a performance issue of increased compilation
times for users on Mac endpoints running Traps. |
CPATR-7360 | Fixed an issue where the digital signer of
the file was missing in the security event details extracted from
the Traps endpoint during a scan. |
CPATR-7342 ( Windows ) | Fixed an issue on Windows endpoints where ransomware
security events queried relative files by the file name instead
of the file path. |
CPATR-7311 ( macOS ) | Fixed an issue where after restating the endpoint,
Traps became incompatible with the macOS running on the endpoint. |
CPATR-2436 | Fixed an issue where the Signer was not being reported
back to Traps management service as part of the security event during
the scanning of files on Traps endpoints. |
Addressed Issues in Traps Agent 6.1.2
Issue ID | Description |
---|---|
CPA-7193 ( macOS ) | Improved
Traps performance on Mac endpoints during heavy processes load on
the endpoint. |
CPA-7143 | Fixed an issue where delayed, cached, queued, or
heavy loads of data collection events cause a high memory usage
for the cyveraservice.exe process. |
CPA-7050 | Fixed an issue where the Traps agent console reported
the agent is Connecting instead of Disabled after Exploit and Malware
policies were disabled through the Traps management service. |
CPA-6881 | Fixed a high memory consumption issue of the trapsd process
on Mac endpoints. |
CPA-6730 | Fixed an issue that occurred when starting
a VDI session, where the Traps console and Traps tray icon appeared
to be disabled event though they were fully functional. |
CPA-6666 | Fixed a compatibility issues for the ROP Mitigation
module with the vstfpd service. |
CPA-6643 ( Windows ) | Improved the logic of identifying logged-in users
so that Traps relies on the user SID, a unique Windows user security
identifier, when the usernames in SAM and UPN accounts are different. |
CPA-6588 ( Windows ) | Fixed an issue where a Traps agent would get disconnected
from the Traps management service during a Live Terminal session.
This occurred when Traps management service was downloading encrypted
files (EFS) from Windows endpoints. |
CPA-6567 ( Linux ) | On Linux endpoints, uninstalling Traps using
the uninstall script fails if the trapsd server
is down. |
CPA-6513 ( Linux ) | Fixed an issue on Linux endpoints, where Traps could
excessively print log messages to system logging infrastructure. |
CPA-6381 ( Linux ) | Allowed for configurable timeout for policy updates
on Linux endpoints. |
Addressed Issues in Traps Agent 6.1.1
Issue ID | Description |
---|---|
CPA-6953 ( Windows 7 ) | Fixed an issue on endpoints running Windows 7,
where a Traps agent could halt when scanning loaded DLL files. |
CPA-6893 | Fixed a performance issue that occurred when Traps
was calculating a process hash. |
CPA-6892 | Fixed a performance issue that occurred when Traps
attempted to open a corrupt document. |
CPA-6885 ( macOS ) | Fixed an issue where Mac endpoints running Traps
6.1 and Symantec would freeze upon shutdown. |
CPA-6866 ( macOS ) | Fixed a driver compatibility issue on Mac endpoints
running Symantec. |
CPA-6840 ( Windows ) | Fixed an issue that occurred on Windows endpoints
whose Agent Setting profile was configured to disable access to
the Traps console on the endpoint. If you tried to access the console
anyway, the system message wrongly stated that Traps has been disabled instead
of indicating that your access to the Console has been disabled. |
CPA-6786 | When enabling Traps to monitor and collect data
for sharing EDR data with other Cortex apps, Traps could halt if
it attempted to reference a process that has already ended. |
CPA-6782 | Fixed an issue where the Traps agent reported to
be working with the new content version even though the content
update failed on the endpoint. |
CPA-6651 ( Windows 10 ) | Fixed a compatibility issue with CFG exports suppression
on endpoints running Windows 10 RS2 Version 1703 (Build 15063) and
later. |
CPA-6586 ( macOS ) | Fixed an issue where a Mac agent that became unlicensed
could not be uninstalled using the default system password. |
CPA-6542 | Now for Behavioral Threat events on Mac and Linux
endpoints, the Analysis tab of the security event displays the correct
year in the timeline. |
CPA-6461 ( Windows ) | Fixed an issue on Windows endpoints where the incorrect
content version number may be reported back to Traps management
service in case of a communication error. |
CPA-6344 ( macOS ) | Now you can upgrade Mac endpoints running Symantec
to Traps 6.1.X version. |
CPA-6315 ( Windows ) | Fixed an issue in non-persistent VDI environments,
where Traps agents on Windows endpoints were unable to connect to
the Traps management service but the endpoint details on Traps management
service displayed an active status. |
CPATR-6668 ( Windows ) | Fixed an issue where events where the evaluation
of behavioral threat events caused high CPU usage on Windows endpoints. |
Addressed Issues in Traps Agent 6.1.0
Issue ID | Description |
---|---|
CPA-6505 ( Linux ) | Fixed an issue on Linux endpoints, where the Traps
agent did not load the Linux kernel modules if it detected a system
crash and operated in asynchronous mode. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.