1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ Agent Release Notes
    5. Cortex XDR Agent Release Information
    6. Cortex XDR Agent Addressed Issues
    End-of-Life (EoL)

    Cortex XDR Agent Addressed Issues

    List of addressed issues in Cortex XDR agent 7.0 releases.
    The following tables lists the issues that are addressed in Cortex XDR agent 7.0 releases.

    Cortex XDR Agent 7.0.3 Addressed Issues

    Feature
    Description
    CPATR-10042
    In an environment where the Cortex XDR agent is connected to the Cortex XDR management console through a proxy, fixed an issue where the agent failed to register after upgrading to Cortex XDR 7.1 release due to incorrect timeout settings.
    CPATR-9972
    Fixed an issue where the Cortex XDR agent failed to connect to the server using an invalid ID even with the
    Cytool reconnect force
    command.
    CPATR-9871, CPATR-8709
    Addressed security issues.
    CPATR-9760
    Fixed an issue on endpoints where Behavioral threat protection (BTP) was disabled, that security policy recalculation was triggered even if there were no policy updates.
    CPATR-9718
    Fixed a performance issue that occurred on Mac endpoints running heavy script loads.
    CPATR-9712
    Enhanced the agent log to include more details when an agent fails to download new content as a result of bandwidth management issues.
    CPATR-9621
    Fixed an issue where the Cortex XDR agent did not report device control violations for a USB device if the device serial number ended with one or more null characters.
    CPATR-9134
    Fixed an issue where the Cortex XDR agent failed to collect log files when executing the
    Cytool log collect
     command from a
    account.
    CPATR-8488
    Fixed an issue where the agent reported an empty status to Cortex XDR if the status reporting occurred immediately after agent startup on the endpoint.

    Cortex XDR Agent 7.0.2 Addressed Issues

    Feature
    Description
    CPATR-9082
    Fixed an issue where the Cortex XDR agent installation failed on Linux endpoints with LD_PRELOAD libraries, which contain paths to shared libraries or objects.
    CPATR-9058
    Fixed a high CPU issue that occurred when the Cortex XDR agent running on VDI sessions performed redundant agent database cleanups.
    CPATR-9055
    Fixed an issue where the Cortex XDR agent failed to connect to Cortex XDR using GRPC (remote procedure call) and Cytool commands failed if the HTTP_PROXY environment variable was configured on the endpoint.
    CPATR-9042
    Fixed an issue where plugging in a USB device with certain string descriptors on a Windows endpoint where the Cortex XDR agent enforces device control rules caused the endpoint to halt.
    CPATR-8988
    Fixed a race condition between the Cortex XDR agent injector and certain processes running on the endpoint which could cause the processes to hang during startup.
    CPATR-8778
    Fixed an issue where multiple requests to get verdicts from WildFire would hang if the activity mode of the proxy used to communicate with the Cortex XDR agent was changed.
    CPATR-8763
    Fixed compatibility issues with the scanning of CSVFS volumes.
    CPATR-8747
    Fixed an issue where the Cortex XDR agent failed to connect to Cortex XDR through WinHttp Proxy.
    CPATR-8533
    Removing unnecessary error messages from the log files.
    CPATR-8404
    Fixed an issue where the Ransomware Protection module accessed certain file objects from invalid execution contexts, causing processes running on the endpoint to halt or consume high CPU.
    CPATR-8403
    ,
    CPATR-8131
    Fixed a race condition between the Cortex XDR agent injector and certain Syslog and DL processes running on the endpoint which could cause the processes to hang during startup.
    CPATR-8353
    Extended the Cytool log collect timeout from two minutes to ten minutes to support the collection of large log files.
    CPATR-7989
    Fixed an issue where the content update failed on the endpoint due to network issues, and the agent policy was being updated even though the content update did not contain policy updates.

    Cortex XDR Agent 7.0.1-h1 Addressed Issues

    Feature
    Description
    CPATR-8891
    Palo Alto Networks strongly recommends that you upgrade your operating system as soon as possible and follow Microsoft Security Advisory statement regarding vulnerability CVE-2020-0796.
    For Cortex XDR agents running on unpatched Windows endpoints, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious executable when there is an attempt to exploit CVE-2020-0796.

    Cortex XDR Agent 7.0.1 Addressed Issues

    Feature
    Description
    CPATR-8355
    Fixed an issue where Live Terminal failed to start on Linux endpoints after upgrading Traps agent 6.1.4 release to Cortex XDR agent 7.0.
    CPATR-8342
    For all Windows 10 endpoints Palo Alto Networks strongly recommends that you upgrade to the latest Windows Update that has a fix for vulnerability CVE-2020-0601.
    For Cortex XDR agents running on unpatched Windows 10 endpoints, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious executable when there is an attempt to exploit CVE-2020-0601.
    CPATR-8305
    To prevent license leakage, now Cortex XDR will prevent the re-registration of a Golden image instance until a user logs on.
    CPATR-8157
    Addressed security issues.
    CPATR-8078
    Fixed an issue where the SCCM advertisement failed the Cortex XDR agent installation on the endpoint.
    CPATR-8064
    Now when a new VDI session starts, the endpoint uses the original Golden Image policy until the Cortex XDR agent retrieves the new policy from the Cortex XDR server. This may take up to 10 minutes.
    CPATR-8063
    Fixed an issue where the security module was set to notify, however security_events.db reported the process as failed to terminate (
    Target process termination: Yes (Failed)
    ).
    CPATR-7995
    Now when the agent settings profile on the endpoint is set to hide the Cortex XDR agent tray icon on the endpoint, the icon will be hidden already when the user logs on or reboots the machine, and not only after the first agent heartbeat.
    CPATR-7985
    Fixed an issue where the endpoint could halt suddenly after a fresh installation or upgrade of the Cortex XDR agent software when Hypervisor Code Integrity (HVCI) is enabled on Windows 10, Windows Server 2016, or Windows Server 2019.
    CPATR-7962
    Fixed an issue where the VDI instance created from a Golden image that included proxy configuration did not receive the proxy configuration.
    CPATR-7911
    Fixed an issue on Linux endpoints related to exploit protection modules and Traps services where the ProcessManager could not manage the data rate and dropped netlink sockets and events on load spikes.
    CPATR-7900
    Fixed an issue that occurred after a malware scan completed where Traps reported duplicate scan completion events to Traps management service.
    CPATR-7798
    Fixed an issue where you could not restore a quarantined file to a custom location using Cytool on a Mac endpoint running macOS10.15.

    Cortex XDR Agent 7.0.0-h1 Addressed Issues

    Feature
    Description
    CPATR-7985
    Fixed an issue that occurred when Hypervisor Code Integrity (HVCI) was enabled on Windows 10, Windows Server 2016, or Windows Server 2019, where the endpoint could halt suddenly after a fresh installation or upgrade of the Cortex XDR agent software.

    Cortex XDR Agent 7.0 Addressed Issues

    There are no addressed issues in this version.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo