End-of-Life (EoL)
Changes to Default Behavior
Changes to Default Behavior in Cortex XDR 7.1 releases.
The following topics describe changes to default behavior
in Cortex XDR agent 7.1 releases:
Changes to Default Behavior in Cortex XDR Agent 7.1.4
There are no changes to default behavior in this release.
Changes to Default Behavior in Cortex XDR Agent 7.1.3
There are no changes to default behavior in this release.
Changes to Default Behavior in Cortex XDR Agent 7.1.2
There are no changes to default behavior in this release.
Changes to Default Behavior in Cortex XDR Agent 7.1.1
There are no changes to default behavior in this release.
Changes to Default Behavior in Cortex XDR Agent 7.1
Feature | Change to Behavior |
---|---|
Unified High-Privileged Processes | As part of infrastructure enhancements in this release, several high-privileged processes were unified: |
Future Native Support for Apple’s Deprecation of Kernel Extensions | In line with Apple’s efforts to improve security in the upcoming macOS 11.0 Big Sur release, which include the deprecation of kernel extensions by third-party providers, the Cortex XDR agent 7.1 release is transitioning to fully support the new operating system requirements. Starting with macOS 10.15.4, the Cortex XDR agent no longer uses the kernel extension. Instead, the agent is designed to deploy a new Network extension and the existing System extension that together provide full coverage of the endpoint traffic and replace the deprecated kernel extension. During the transition period of both the Cortex XDR agent and the operating system, the Cortex XDR agent does not monitor the network traffic on the endpoint and cannot report network events back to Cortex XDR. Consequently, the BIOC rules you have for network events will not work, and you will not be able to query network events in the Query builder. The agent fully supports all other data collection and security capabilities on the endpoint. For the full installation procedure of the Cortex XDR 7.1 agent release on Mac endpoints running macOS 10.15.4, refer to the Cortex XDR agent administrator guide. |
Upgrade Path from ESM to Cortex XDR | Due to the latest changes in the Cortex XDR agent certificate for Windows, the agent upgrade path from the Endpoint Security Manager (ESM) has changed. To upgrade a Traps agent prior to the 4.2.6 release to a Cortex XDR agent 7.0.0 or later release, you must perform the following: If you are using a third-party tool to perform your upgrades, you can upgrade a Traps agent prior to the 4.2.6 release directly to any release of the Cortex XDR agent. |
Override Configurations on Linux Upgrades | Starting with the Cortex XDR agent 7.1 release, the agent upgrade process is aligned with the upgrade process for other operating systems regarding which configurations to keep and which to override. |
Dynamic Upload of Kernel Modules for Cortex XDR Agents | Starting with the Cortex XDR agent 7.1 release, the kernel modules for Linux endpoints are uploaded dynamically on the endpoint, ensuring the agent retrieves from Cortex XDR only new and updated agent kernels that were specifically compiled for the current distribution and version running on the endpoint. If no kernel modules are available for the endpoint, then the agent operates in asynchronous mode on the endpoint and reports the corresponding agent operation status back to Cortex XDR. |
End of Support for Windows 7 Before SP1 | The Cortex XDR agent 7.1 and later releases cannot be installed on endpoints running Windows 7 before SP1. For full compatibility information, see the Compatibility Matrix. |