Cortex XDR Agent Addressed Issues

List of addressed issues in Cortex XDR agent 7.0 releases.
The following tables lists the issues that are addressed in Cortex XDR agent 7.0 releases.

Cortex XDR Agent 7.0.3 Addressed Issues

Feature
Description
CPATR-10042
In an environment where the Cortex XDR agent is connected to the Cortex XDR management console through a proxy, fixed an issue where the agent failed to register after upgrading to Cortex XDR 7.1 release due to incorrect timeout settings.
CPATR-9972
Fixed an issue where the Cortex XDR agent failed to connect to the server using an invalid ID even with the
Cytool reconnect force
command.
CPATR-9871, CPATR-8709
Addressed security issues.
CPATR-9760
Fixed an issue on endpoints where Behavioral threat protection (BTP) was disabled, that security policy recalculation was triggered even if there were no policy updates.
CPATR-9718
Fixed a performance issue that occurred on Mac endpoints running heavy script loads.
CPATR-9712
Enhanced the agent log to include more details when an agent fails to download new content as a result of bandwidth management issues.
CPATR-9621
Fixed an issue where the Cortex XDR agent did not report device control violations for a USB device if the device serial number ended with one or more null characters.
CPATR-9134
Fixed an issue where the Cortex XDR agent failed to collect log files when executing the
Cytool log collect
command from a
account.
CPATR-8488
Fixed an issue where the agent reported an empty status to Cortex XDR if the status reporting occurred immediately after agent startup on the endpoint.

Cortex XDR Agent 7.0.2 Addressed Issues

Feature
Description
CPATR-9082
Fixed an issue where the Cortex XDR agent installation failed on Linux endpoints with LD_PRELOAD libraries, which contain paths to shared libraries or objects.
CPATR-9058
Fixed a high CPU issue that occurred when the Cortex XDR agent running on VDI sessions performed redundant agent database cleanups.
CPATR-9055
Fixed an issue where the Cortex XDR agent failed to connect to Cortex XDR using GRPC (remote procedure call) and Cytool commands failed if the HTTP_PROXY environment variable was configured on the endpoint.
CPATR-9042
Fixed an issue where plugging in a USB device with certain string descriptors on a Windows endpoint where the Cortex XDR agent enforces device control rules caused the endpoint to halt.
CPATR-8988
Fixed a race condition between the Cortex XDR agent injector and certain processes running on the endpoint which could cause the processes to hang during startup.
CPATR-8778
Fixed an issue where multiple requests to get verdicts from WildFire would hang if the activity mode of the proxy used to communicate with the Cortex XDR agent was changed.
CPATR-8763
Fixed compatibility issues with the scanning of CSVFS volumes.
CPATR-8747
Fixed an issue where the Cortex XDR agent failed to connect to Cortex XDR through WinHttp Proxy.
CPATR-8533
Removing unnecessary error messages from the log files.
CPATR-8404
Fixed an issue where the Ransomware Protection module accessed certain file objects from invalid execution contexts, causing processes running on the endpoint to halt or consume high CPU.
CPATR-8403
,
CPATR-8131
Fixed a race condition between the Cortex XDR agent injector and certain Syslog and DL processes running on the endpoint which could cause the processes to hang during startup.
CPATR-8353
Extended the Cytool log collect timeout from two minutes to ten minutes to support the collection of large log files.
CPATR-7989
Fixed an issue where the content update failed on the endpoint due to network issues, and the agent policy was being updated even though the content update did not contain policy updates.

Cortex XDR Agent 7.0.1-h1 Addressed Issues

Feature
Description
CPATR-8891
Palo Alto Networks strongly recommends that you upgrade your operating system as soon as possible and follow Microsoft Security Advisory statement regarding vulnerability CVE-2020-0796.
For Cortex XDR agents running on unpatched Windows endpoints, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious executable when there is an attempt to exploit CVE-2020-0796.

Cortex XDR Agent 7.0.1 Addressed Issues

Feature
Description
CPATR-8355
Fixed an issue where Live Terminal failed to start on Linux endpoints after upgrading Traps agent 6.1.4 release to Cortex XDR agent 7.0.
CPATR-8342
For all Windows 10 endpoints Palo Alto Networks strongly recommends that you upgrade to the latest Windows Update that has a fix for vulnerability CVE-2020-0601.
For Cortex XDR agents running on unpatched Windows 10 endpoints, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious executable when there is an attempt to exploit CVE-2020-0601.
CPATR-8305
To prevent license leakage, now Cortex XDR will prevent the re-registration of a Golden image instance until a user logs on.
CPATR-8157
Addressed security issues.
CPATR-8078
Fixed an issue where the SCCM advertisement failed the Cortex XDR agent installation on the endpoint.
CPATR-8064
Now when a new VDI session starts, the endpoint uses the original Golden Image policy until the Cortex XDR agent retrieves the new policy from the Cortex XDR server. This may take up to 10 minutes.
CPATR-8063
Fixed an issue where the security module was set to notify, however security_events.db reported the process as failed to terminate (
Target process termination: Yes (Failed)
).
CPATR-7995
Now when the agent settings profile on the endpoint is set to hide the Cortex XDR agent tray icon on the endpoint, the icon will be hidden already when the user logs on or reboots the machine, and not only after the first agent heartbeat.
CPATR-7985
Fixed an issue where the endpoint could halt suddenly after a fresh installation or upgrade of the Cortex XDR agent software when Hypervisor Code Integrity (HVCI) is enabled on Windows 10, Windows Server 2016, or Windows Server 2019.
CPATR-7962
Fixed an issue where the VDI instance created from a Golden image that included proxy configuration did not receive the proxy configuration.
CPATR-7911
Fixed an issue on Linux endpoints related to exploit protection modules and Traps services where the ProcessManager could not manage the data rate and dropped netlink sockets and events on load spikes.
CPATR-7900
Fixed an issue that occurred after a malware scan completed where Traps reported duplicate scan completion events to Traps management service.
CPATR-7798
Fixed an issue where you could not restore a quarantined file to a custom location using Cytool on a Mac endpoint running macOS10.15.

Cortex XDR Agent 7.0.0-h1 Addressed Issues

Feature
Description
CPATR-7985
Fixed an issue that occurred when Hypervisor Code Integrity (HVCI) was enabled on Windows 10, Windows Server 2016, or Windows Server 2019, where the endpoint could halt suddenly after a fresh installation or upgrade of the Cortex XDR agent software.

Cortex XDR Agent 7.0 Addressed Issues

There are no addressed issues in this version.

Recommended For You