End-of-Life (EoL)
Cortex XDR Agent Known Issues
Known issues with the Cortex XDR agent 7.0
In this version, Traps management service functionality
has been integrated into the Cortex XDR app. As a result, the new
agent is a Cortex-supported agent, and issues relating to Traps
and the Traps management service directly are no longer applicable.
The following table includes known issues
in Cortex XDR agent 7.0
Issue ID | Description |
---|---|
CPATR-10614 | The Cortex XDR agent does not create a post-detection
event when it receives from WildFire a malware verdict for a macro
file that had a previous non-malware verdict. |
CPATR-9265 | When the operating system on the endpoint is
set to Advertise mode, you cannot install or upgrade a Cortex XDR
agent 7.0.X or earlier releases using msiexec . |
CPATR-9609 | When the Cortex XDR agent performs a policy
update on a Windows endpoint, the endpoint can freeze for a few
seconds and you might not be able to open applications or menus
until the update is completed. |
CPATR-9493 | If you uninstall a Cortex XDR agent 7.0.1
running on a macOS 10.15.4 endpoint through the Cortex XDR management
console when the user is not logged in on the endpoint or did not
enter the user credentials as requested by the operating system,
the uninstall process will be reported as completed successfully
however the agent will leave software leftovers on the endpoint.
As a workaround to address this issue, you can:
|
CPATR-8064 This issue is resolved
in Cortex XDR agent 7.0.1 release. | When a new VDI session starts, it may take
up to 10 minutes for the Cortex XDR agent to protect the endpoint. |
CPATR-7825 | The Cortex XDR tray icon displays on a Windows
endpoint even though the Agent Settings profile is set to hide the
icon. |
CPATR-7798 This issue is resolved
in Cortex XDR agent 7.0.1 release. | You cannot restore a quarantined file to a
custom location using Cytool on a Mac endpoint running macOS 10.15. |
CPATR-7768 | If a previous version of Traps was previously
installed on a Windows endpoint, the Traps icon saved in Windows
cache might display in the new Cortex XDR agent console when alerting
the user that access to the agent console has been disabled by policy. |
CPATR-7365 | After you whitelist an external USB-connected
device, you have to unplug and plug it back to your machine for
the whitelisting to take effect. If it is an integral device, you
have to restart your machine for the whitelisting to take effect. |
CPATR-7317 | After you run a bash command on Mac or Linux
agents using the Live Shell console, the command is printed again
as a response. |
CPATR-6000 | To enable the Cortex XDR agent 7.0.2 release
to work in synchronous mode on Linux endpoints running kernels RHEL,
or CentOS, or Oracle 8, you must disable UEFI Secure Boot on the
machine. Otherwise, the Cortex XDR agent will operate in asynchronous
mode: the agent will obtain a verdict for the executed ELF file
in parallel to its execution and terminate it if a malware verdict
is obtained. In addition, data collection for EDR and behavioral
threat protection will not be supported. To disable UEFI Secure
Boot, enter the Advanced Boot Menu on your Linux machine and go
to Troubleshoot > Advanced Options: UEFI Firmware Settings. Set
the option to disable, save your changes and exit the menu. Your
system will reboot, and the Cortex XDR agent will provide all its
protections on the endpoint. For full compatibility information,
see the Compatibility Matrix. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.