Addressed Issues in Traps Agent 6.1

The following tables list the issues that were addressed in Traps agent 6.1 releases.

Addressed Issues in Traps Agent 6.1.7/8-hotfix

The following has been addressed in this release for build numbers:
Windows - 6.1.8.40522
Mac - 6.1.7.1689
Linux - 6.1.7.39973
| Feature | Description |
| --- | --- |
| CPATR-14895 | Fixed an issue where Cortex XDR agents running without trusting the “GlobalSign Root CA” certificate may encounter issues downloading upgrade packages and content updates; the issue may also affect verdict retrieval for large scans. |

Addressed Issues in Traps Agent 6.1.8

| Issue ID | Description |
| --- | --- |
| CPATR-12649 | (Windows) Fixed an issue where the Traps agent did not detect the existence of a macro within a Microsoft Office document. |
| CPATR-12713 | (Windows) Fixed an issue where post-detection of macro-contained Microsoft Office files was not reported to the Cortex XDR management server. In a post-detection of a macro-contained file, the Traps agent does not terminate the source process, regardless of the applied Malware Profile. |
| CPATR-12009 | (Windows) Fixed an issue where the agent did not analyze the macro content within a Microsoft Office document. |
| CPATR-11927 | Addressed security issues. |

Addressed Issues in Traps Agent 6.1.7

| Issue ID | Description |
| --- | --- |
| CPATR-11311 | (Windows) Fixed an issue on Windows endpoints where the Traps agent did not detect the existence of a macro within a Microsoft Office document. |
| CPATR-10622 | On Linux endpoints connected to Cortex XDR through a proxy, fixed an issue where the Traps agent attempted to resolve DNS requests directly without using the proxy. |
| CPATR-10042 | On endpoints connected to Cortex XDR through a proxy, fixed an issue where after upgrading to the Cortex XDR agent 7.1 release, the agent failed to register due to incorrect timeout settings. |
| CPATR-9972 | Fixed an issue where the Traps agent failed to connect to the server when using an invalid ID, even with the `Cytool reconnect force` command. |
| CPATR-9871 | Addressed security issues. |
| CPATR-9718 | (macOS) Fixed a performance issue that occurred on Mac endpoints running heavy script loads. |
| CPATR-9134 | Fixed an issue where the Traps agent failed to collect log files when executing the `Cytool log collect` command from a LocalSystem account. |
| CPATR-9082 | (Linux) Fixed a compatibility issue where the Traps agent installation failed on Linux endpoints with preloaded libraries (`LD_PRELOAD` and `/etc/ld.so.preload`). |
| CPATR-9008 | On endpoints connected to Cortex XDR through a proxy, fixed an issue where multiple requests to get verdicts from WildFire® would hang if the activity mode of the proxy was changed. |
| CPATR-8763 | (Windows) On Windows endpoints, fixed compatibility issues with the scanning of CSVFS volumes. |
| CPATR-8533 | (Linux) Removed unnecessary error messages from the log files on Linux endpoints. |
| CPATR-8488 | Fixed an issue where the Traps agent reported an empty status to Cortex XDR if the status reporting occurred immediately after agent startup on the endpoint. |
| CPATR-8244 | Fixed an issue where Cytool erroneously reported running services as stopped on a Linux endpoint running a non-XSI-conforming PS binary (pre-2014). |

Addressed Issues in Traps Agent 6.1.6

| Issue ID | Description |
| --- | --- |
| CPATR-8988 | Fixed a race condition between the Cortex XDR agent injector and certain processes running on the endpoint which could cause the processes to hang during startup. |

Addressed Issues in Traps Agent 6.1.5-h1

| Issue ID | Description |
| --- | --- |
| CPATR-8891 | (Windows) Palo Alto Networks strongly recommends that you upgrade your operating system as soon as possible and follow the Microsoft Security Advisory statement regarding vulnerability CVE-2020-0796. For Traps agents running on unpatched Windows endpoints, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious executable when there is an attempt to exploit CVE-2020-0796. |

Addressed Issues in Traps Agent 6.1.5

| Issue ID | Description |
| --- | --- |
| CPATR-8459 | Fixed an issue where the content update failed on the endpoint due to network issues, and the agent policy was being updated even though the content update did not contain policy updates. |
| CPATR-8404 | Fixed an issue where the Ransomware Protection module accessed certain file objects from invalid execution contexts, causing processes running on the endpoint to halt or consume high CPU. |
| CPATR-8403 and CPATR-8131 | Fixed a race condition between the Cortex XDR agent injector and certain Syslog and DL processes running on the endpoint which could cause the processes to hang during startup. |
| CPATR-8353 | Extended the Cytool log collect timeout from two minutes to ten minutes to support the collection of large log files. |
| CPATR-8305 | To prevent license leakage, Cortex XDR now prevents the re-registration of a Golden image instance until a user logs on. |
| CPATR-8157 | Addressed security issues. |
| CPATR-8063 | Fixed an issue where the security module was set to notify, but `security_events.db` reported the process as failed to terminate (`Target process termination: Yes (Failed)`). |
| CPATR-7995 | Now, when the agent settings profile is set to hide the Cortex XDR agent tray icon on the endpoint, the icon is already hidden when the user logs on or reboots the machine, and not only after the first agent heartbeat. |
| CPATR-7962 | Fixed an issue where the VDI instance created from a Golden image that included proxy configuration did not receive the proxy configuration. |
| CPATR-7798 | (macOS) Fixed an issue where you could not restore a quarantined file to a custom location using Cytool on a Mac endpoint running macOS 10.15. |

Addressed Issues in Traps Agent 6.1.4-h1

| Issue ID | Description |
| --- | --- |
| CPATR-8342 | (Windows 10) For all Windows 10 endpoints, Palo Alto Networks strongly recommends that you upgrade to the latest Windows Update that has a fix for vulnerability CVE-2020-0601. For Traps agents running on unpatched Windows 10 endpoints, this version includes a hotfix to address vulnerability CVE-2020-0601. When there is an attempt to exploit CVE-2020-0601 on an unpatched Windows 10 endpoint, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious executable. This capability is available in Traps management service and requires build 6.1.4.32252 and content update 93. If you are using Cortex XDR, Palo Alto Networks plans to have a similar fix in the next maintenance release for the Cortex XDR 7.0 agent. |

Addressed Issues in Traps Agent 6.1.4

| Issue ID | Description |
| --- | --- |
| CPATR-7911 | (Linux) Fixed an issue on Linux endpoints related to exploit protection modules and Traps services where spikes or continuous loading of processes on a system event led to the Traps agent being out of sync with the Linux server state regarding processes and permissions. |
| CPATR-7900 | Fixed an issue that occurred after a malware scan completed where Traps reported duplicate scan completion events to Traps management service. |
| CPATR-7864 | (Windows) Fixed an issue on Windows endpoints where the DLL hash calculation caused high memory consumption on the endpoint. |
| CPATR-7852 | (Windows) Fixed an issue on Windows endpoints where Traps could not generate a Tech Support File if you use Roaming User Profiles. |
| CPATR-7669 | Fixed an issue that occurred during a Live Terminal session where you could not explore the file system if an exception occurred during data retrieval. |
| CPATR-7663 | (Linux) Fixed an issue on Linux endpoints where Traps reported that Ubuntu 12 was incompatible with the kernel module. |
| CPATR-7487 | (Windows) Fixed an issue on Windows endpoints where installing, upgrading, or uninstalling the Traps agent software did not complete when services took longer than 30 seconds to start or stop. |
| CPATR-6918 | (Windows) Fixed an issue on Windows endpoints where Live Terminal configurations were not protected by Agent Tampering Protection. |

Addressed Issues in Traps Agent 6.1.3

| Issue ID | Description |
| --- | --- |
| CPATR-7635 | Fixed a memory leak that occurred on specific network hardware during event collection of network events. |
| CPATR-7577 | (Linux) Fixed an issue where ESM environments migrating to Traps management service cloud-based environments could not install Traps agent version 6.1.2 on Linux endpoints. Now in version 6.1.3, you can create an Upgrade from ESM agent installation package for Linux in Traps management service, upload it to ESM, and send it out to all your agents for upgrade. |
| CPATR-7575 | Fixed a compatibility issue with Traps and Microsoft App-V, which sometimes caused the endpoint to become unresponsive. |
| CPATR-7545 | Fixed an issue in the Traps upgrade process on Linux endpoints, where you had to restart the agent after Traps upgrade in order for the new kernel module to be updated. |
| CPATR-7509 | (Windows) Fixed an issue on Windows endpoints where the Traps agent would sometimes time out during certain file operations. |
| CPATR-7420 | Fixed a performance issue that occurred when event-log messages were parsed without caching. |
| CPATR-7419 | (Linux) Fixed an issue on Linux endpoints where injecting into processes caused them to hang. |
| CPATR-7408 | (Windows) Fixed an issue where Windows endpoints overloaded the endpoint kernel stack and became unresponsive if a large number of drivers, including Traps, attempted to load at the same time. |
| CPATR-7402 | Fixed a performance issue that occurred due to redundant file calls when Traps tampering protection was enabled. |
| CPATR-7397 | Fixed a compatibility issue where an agent running Traps version 6.1.2 could not connect to the Traps management service if the Palo Alto Networks firewall deployed in the environment was set to enable SSL Decryption. |
| CPATR-7396 | (macOS) Fixed a performance issue of increased compilation times for users on Mac endpoints running Traps. |
| CPATR-7360 | Fixed an issue where the digital signer of the file was missing in the security event details extracted from the Traps endpoint during a scan. |
| CPATR-7342 | (Windows) Fixed an issue on Windows endpoints where ransomware security events queried relative files by the file name instead of the file path. |
| CPATR-7311 | (macOS) Fixed an issue where after restarting the endpoint, Traps became incompatible with the macOS running on the endpoint. |
| CPATR-2436 | Fixed an issue where the Signer was not being reported back to Traps management service as part of the security event during the scanning of files on Traps endpoints. |

Addressed Issues in Traps Agent 6.1.2

| Issue ID | Description |
| --- | --- |
| CPA-7193 | (macOS) Improved Traps performance on Mac endpoints during heavy process load on the endpoint. |
| CPA-7143 | Fixed an issue where delayed, cached, queued, or heavy loads of data collection events caused high memory usage for the `cyveraservice.exe` process. |
| CPA-7050 | Fixed an issue where the Traps agent console reported the agent is Connecting instead of Disabled after Exploit and Malware policies were disabled through the Traps management service. |
| CPA-6881 | Fixed a high memory consumption issue of the `trapsd` process on Mac endpoints. |
| CPA-6730 | Fixed an issue that occurred when starting a VDI session, where the Traps console and Traps tray icon appeared to be disabled even though they were fully functional. |
| CPA-6666 | Fixed a compatibility issue for the ROP Mitigation module with the `vstfpd` service. |
| CPA-6643 | (Windows) Improved the logic of identifying logged-in users so that Traps relies on the user SID, a unique Windows user security identifier, when the usernames in SAM and UPN accounts are different. |
| CPA-6588 | (Windows) Fixed an issue where a Traps agent would get disconnected from the Traps management service during a Live Terminal session. This occurred when Traps management service was downloading encrypted files (EFS) from Windows endpoints. |
| CPA-6567 | (Linux) On Linux endpoints, uninstalling Traps using the uninstall script fails if the `trapsd` server is down. |
| CPA-6513 | (Linux) Fixed an issue on Linux endpoints where Traps could excessively print log messages to system logging infrastructure. |
| CPA-6381 | (Linux) Allowed for configurable timeout for policy updates on Linux endpoints. |

Addressed Issues in Traps Agent 6.1.1

| Issue ID | Description |
| --- | --- |
| CPA-6953 | (Windows 7) Fixed an issue on endpoints running Windows 7, where a Traps agent could halt when scanning loaded DLL files. |
| CPA-6893 | Fixed a performance issue that occurred when Traps was calculating a process hash. |
| CPA-6892 | Fixed a performance issue that occurred when Traps attempted to open a corrupt document. |
| CPA-6885 | (macOS) Fixed an issue where Mac endpoints running Traps 6.1 and Symantec would freeze upon shutdown. |
| CPA-6866 | (macOS) Fixed a driver compatibility issue on Mac endpoints running Symantec. |
| CPA-6840 | (Windows) Fixed an issue that occurred on Windows endpoints whose Agent Setting profile was configured to disable access to the Traps console on the endpoint. If you tried to access the console anyway, the system message wrongly stated that Traps has been disabled instead of indicating that your access to the Console has been disabled. |
| CPA-6786 | When enabling Traps to monitor and collect data for sharing EDR data with other Cortex apps, Traps could halt if it attempted to reference a process that has already ended. |
| CPA-6782 | Fixed an issue where the Traps agent reported to be working with the new content version even though the content update failed on the endpoint. |
| CPA-6651 | (Windows 10) Fixed a compatibility issue with CFG exports suppression on endpoints running Windows 10 RS2 Version 1703 (Build 15063) and later. |
| CPA-6586 | (macOS) Fixed an issue where a Mac agent that became unlicensed could not be uninstalled using the default system password. |
| CPA-6542 | Now for Behavioral Threat events on Mac and Linux endpoints, the Analysis tab of the security event displays the correct year in the timeline. |
| CPA-6461 | (Windows) Fixed an issue on Windows endpoints where the incorrect content version number may be reported back to Traps management service in case of a communication error. |
| CPA-6344 | (macOS) Now you can upgrade Mac endpoints running Symantec to Traps 6.1.X version. |
| CPA-6315 | (Windows) Fixed an issue in non-persistent VDI environments, where Traps agents on Windows endpoints were unable to connect to the Traps management service but the endpoint details on Traps management service displayed an active status. |
| CPATR-6668 | (Windows) Fixed an issue where the evaluation of behavioral threat events caused high CPU usage on Windows endpoints. |

Addressed Issues in Traps Agent 6.1.0

| Issue ID | Description |
| --- | --- |
| CPA-6505 | (Linux) Fixed an issue on Linux endpoints, where the Traps agent did not load the Linux kernel modules if it detected a system crash and operated in asynchronous mode. |
