Cortex XDR Agent Known Issues

Known issues with the Cortex XDR agent 7.0
In this version, Traps management service functionality has been integrated into the Cortex XDR app. As a result, the new agent is a Cortex-supported agent, and issues relating to Traps and the Traps management service directly are no longer applicable.
The following table includes known issues in Cortex XDR agent 7.0
Issue ID
Description
CPATR-9265
When the operating system on the endpoint is set to Advertise mode, you cannot install or upgrade a Cortex XDR agent 7.0.X or earlier releases using
msiexec
.
CPATR-9609
When the Cortex XDR agent performs a policy update on a Windows endpoint, the endpoint can freeze for a few seconds and you might not be able to open applications or menus until the update is completed.
CPATR-9493
If you uninstall a Cortex XDR agent 7.0.1 running on a macOS 10.15.4 endpoint through the Cortex XDR management console when the user is not logged in on the endpoint or did not enter the user credentials as requested by the operating system, the uninstall process will be reported as completed successfully however the agent will leave software leftovers on the endpoint. As a workaround to address this issue, you can:
  • Uninstall the agent directly from the endpoint, or upgrade to Cortex XDR 7.1 and uninstall the agent from the Cortex XDR server management.
  • If you already uninstalled the agent from the management server and still want to clean the leftover files on the endpoint, you must re-install the same agent version that was installed before and then uninstall it directly from the endpoint.
CPATR-8064
This issue is resolved in Cortex XDR agent 7.0.1 release.
When a new VDI session starts, it may take up to 10 minutes for the Cortex XDR agent to protect the endpoint.
CPATR-7825
The Cortex XDR tray icon displays on a Windows endpoint even though the Agent Settings profile is set to hide the icon.
CPATR-7798
This issue is resolved in Cortex XDR agent 7.0.1 release.
You cannot restore a quarantined file to a custom location using Cytool on a Mac endpoint running macOS 10.15.
CPATR-7768
If a previous version of Traps was previously installed on a Windows endpoint, the Traps icon saved in Windows cache might display in the new Cortex XDR agent console when alerting the user that access to the agent console has been disabled by policy.
CPATR-7365
After you whitelist an external USB-connected device, you have to unplug and plug it back to your machine for the whitelisting to take effect. If it is an integral device, you have to restart your machine for the whitelisting to take effect.
CPATR-7317
After you run a bash command on Mac or Linux agents using the Live Shell console, the command is printed again as a response.
CPATR-6000
To enable the Cortex XDR agent 7.0.2 release to work in synchronous mode on Linux endpoints running kernels RHEL, or CentOS, or Oracle 8, you must disable UEFI Secure Boot on the machine. Otherwise, the Cortex XDR agent will operate in asynchronous mode: the agent will obtain a verdict for the executed ELF file in parallel to its execution and terminate it if a malware verdict is obtained. In addition, data collection for EDR and behavioral threat protection will not be supported.
To disable UEFI Secure Boot, enter the Advanced Boot Menu on your Linux machine and go to Troubleshoot > Advanced Options: UEFI Firmware Settings. Set the option to disable, save your changes and exit the menu. Your system will reboot, and the Cortex XDR agent will provide all its protections on the endpoint.
For full compatibility information, see the Compatibility Matrix.

Recommended For You