1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ Agent Administrator's Guide
    5. Cortex XDR Agent 7.0 for Linux
    End-of-Life (EoL)

    Cortex XDR Agent 7.0 for Linux

    The Cortex XDR™ agent protects Linux servers by preventing known and unknown malware from running by halting any attempts to leverage software exploits and vulnerabilities to compromise the server. The agent also extends exploit and malware protection to processes that run in Linux containers. When you install the agent on a Linux server that uses containers, it automatically protects any new and existing containerized processes regardless of the container solution (for example, docker). Because Cortex XDR issues the license per Linux server, each container does not consume any additional licenses.
    The protection capabilities and features that the Cortex XDR agent for Linux enables depend, in part, on your security policy configuration and the kernel version that is installed. Protection capabilities such as Behavioral Threat Protection, ELF file analysis, and endpoint data collection and sharing for EDR all require a supported kernel version. If you deploy the Cortex XDR agent on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode where:
    • Continuous event monitoring required for Behavioral Threat Protection is disabled.
    • Sharing endpoint activity data with Cortex apps is disabled.
    • ELF file examination occurs in parallel with the file execution. If the Cortex XDR agent obtains a malware verdict for the ELF file, it terminates the file execution. Security events for malware in asynchronous mode are assigned a high severity due to the potential for continued execution during the verdict request while security events in synchronous mode are medium severity.
    • All other exploit and malware protection is enabled per your Linux security policy.
    During installation, you can also choose to disable the kernel module version, as explained in the Install the Cortex XDR Agent for Linux topic.
    The following topics describe how to install and use the Cortex XDR agent for Linux:

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo