End-of-Life (EoL)

Changes to Default Behavior

The following topics describe changes to default behavior in Cortex XDR agent 7.1 releases:

Changes to Default Behavior in Cortex XDR Agent 7.1.4

There are no changes to default behavior in this release.

Changes to Default Behavior in Cortex XDR Agent 7.1.3

There are no changes to default behavior in this release.

Changes to Default Behavior in Cortex XDR Agent 7.1.2

There are no changes to default behavior in this release.

Changes to Default Behavior in Cortex XDR Agent 7.1.1

There are no changes to default behavior in this release.

Changes to Default Behavior in Cortex XDR Agent 7.1

Feature
Change to Behavior
Unified High-Privileged Processes
As part of infrastructure enhancements in this release, several high-privileged processes were unified:
  • For Windows, the new cyserver.exe process now includes the old cyserver.exe, CyveraService.exe, tlaservice.exe, and twdservice.exe processes.
  • For Mac, the new pmd process now includes the old pmd and trapsd processes.
  • For Linux, the new high-privileged process dypd was added to apply process-specific security modules.
Future Native Support for Apple’s Deprecation of Kernel Extensions
In line with Apple’s efforts to improve security in the upcoming macOS 11.0 Big Sur release, which include the deprecation of kernel extensions by third-party providers, the Cortex XDR agent 7.1 release is transitioning to fully support the new operating system requirements. Starting with macOS 10.15.4, the Cortex XDR agent no longer uses the kernel extension. Instead, the agent is designed to deploy a new Network extension and the existing System extension, which together provide full coverage of the endpoint traffic and replace the deprecated kernel extension.
During the transition period of both the Cortex XDR agent and the operating system, the Cortex XDR agent does not monitor network traffic on the endpoint and cannot report network events back to Cortex XDR. Consequently, the BIOC rules you have for network events will not work, and you will not be able to query network events in the Query builder. The agent fully supports all other data collection and security capabilities on the endpoint.
For the full installation procedure of the Cortex XDR 7.1 agent release on Mac endpoints running macOS 10.15.4, refer to the Cortex XDR agent administrator guide.
Upgrade Path from ESM to Cortex XDR
Due to the latest changes in the Cortex XDR agent certificate for Windows, the agent upgrade path from the Endpoint Security Manager (ESM) has changed. To upgrade a Traps agent earlier than release 4.2.6 to Cortex XDR agent 7.0.0 or a later release, you must perform the following steps:
  1. First, upgrade your agent to Traps 4.2.6.
  2. Then, upgrade the Traps 4.2.6 agent to Cortex XDR agent 7.0.0.
  3. Finally, upgrade the Cortex XDR 7.0.0 agent to any agent release from 7.0.0 onwards.
If you are using a third-party tool to perform your upgrades, you can upgrade a Traps agent earlier than release 4.2.6 directly to any release of the Cortex XDR agent.
Override Configurations on Linux Upgrades
Starting with the Cortex XDR agent 7.1 release, the agent upgrade process is aligned with the upgrade process for other operating systems regarding which configurations to keep and which to override.
Dynamic Upload of Kernel Modules for Cortex XDR Agents
Starting with the Cortex XDR agent 7.1 release, the kernel modules for Linux endpoints are uploaded dynamically on the endpoint, ensuring the agent retrieves from Cortex XDR only new and updated agent kernels that were specifically compiled for the current distribution and version running on the endpoint.
If no kernel modules are available for the endpoint, then the agent operates in asynchronous mode on the endpoint and reports the corresponding agent operation status back to Cortex XDR.
End of Support for Windows 7 Before SP1
The Cortex XDR agent 7.1 and later releases cannot be installed on endpoints running Windows 7 before SP1.
For full compatibility information, see the Compatibility Matrix.
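
The following pre-rollout check is an added example, not Palo Alto Networks code: it applies the behavior changes listed above to an endpoint inventory and reports which hosts are blocked, lose network-event coverage, fall back to asynchronous mode, or need the staged ESM upgrade path. The inventory field names (including kernel_module_available) and the sample rows are constructed, and scoping the network-event gap to macOS 10.15.4 and later is an assumption drawn from the text above.

```python
# Added example: inventory field names and the sample rows are constructed.

def vtuple(version):
    """'10.15.4' -> (10, 15, 4) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def rollout_findings(ep, third_party_tool=False):
    """Return the 7.1 behavior changes from this page that affect one endpoint."""
    findings = []
    os_ver = vtuple(ep["os_version"])
    # Windows 7 RTM reports build 6.1.7600; SP1 reports 6.1.7601.
    if ep["product"] == "Windows 7" and os_ver < (6, 1, 7601):
        findings.append("BLOCK: Windows 7 before SP1, agent 7.1 cannot be installed")
    # Assumption: the network-event gap applies to macOS 10.15.4 and later,
    # where the agent no longer uses the kernel extension.
    if ep["platform"] == "macos" and os_ver >= (10, 15, 4):
        findings.append("GAP: no network events; network BIOC rules and "
                        "Query builder network queries will not work")
    # kernel_module_available is a hypothetical inventory field.
    if ep["platform"] == "linux" and not ep.get("kernel_module_available", True):
        findings.append("MODE: no kernel module, agent runs in asynchronous mode")
    agent, agent_ver = ep["agent"]
    if agent == "traps" and vtuple(agent_ver) < (4, 2, 6) and not third_party_tool:
        findings.append("PATH: Traps 4.2.6 -> Cortex XDR 7.0.0 -> target release")
    return findings

# Constructed sample inventory.
INVENTORY = [
    {"host": "win-01", "platform": "windows", "product": "Windows 7",
     "os_version": "6.1.7600", "agent": ("traps", "4.1.2")},
    {"host": "win-02", "platform": "windows", "product": "Windows 10",
     "os_version": "10.0.18363", "agent": ("xdr", "7.0.2")},
    {"host": "mac-01", "platform": "macos", "product": "macOS",
     "os_version": "10.15.4", "agent": ("xdr", "7.0.0")},
    {"host": "lin-01", "platform": "linux", "product": "Ubuntu 18.04",
     "os_version": "4.15.0", "agent": ("xdr", "7.0.0"),
     "kernel_module_available": False},
]

def report(inventory, third_party_tool=False):
    """Map host -> findings, omitting endpoints with nothing to flag."""
    out = {}
    for ep in inventory:
        found = rollout_findings(ep, third_party_tool)
        if found:
            out[ep["host"]] = found
    return out

if __name__ == "__main__":
    for host, found in report(INVENTORY).items():
        for line in found:
            print(f"{host}: {line}")
```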
