Addressed Issues in Cortex® XDR™ Agent 7.2
The following tables list the issues that are addressed
in Cortex® XDR™ agent 7.2 releases.
Addressed Issues in Cortex XDR Agent 7.2.3
The following table details
addressed issues in Cortex XDR agent 7.2.3.
Issue ID | Description |
---|---|
CPATR-12803 | Fixed an issue where protected Java processes,
such as OpenJDK processes, crashed in particular cases. |
CPATR-12723 ( Linux ) | Fixed an issue where in a certain scenario,
a Linux agent reached a state in which the agent halted. |
CPATR-12693 ( Linux ) | Fixed an issue where on Linux endpoints,
the Ubuntu Long Term Support (LTS) release numbers were displayed incorrectly
in the Cortex XDR management console, with leading zeros
missing from the digits. For example, 12.4 was displayed instead of 12.04. |
CPATR-12675 | Fixed an issue of high disk I/O consumption
by the Cortex XDR agent. |
CPATR-12674 | Fixed an issue where some security events
were not reported to the Cortex XDR management console when the
agent is shutting down. These non-reported events are now reported
to the Cortex XDR management console when the agent service restarts. |
CPATR-12649 | Fixed an issue where the Cortex XDR agent
did not detect the existence of a macro within a Microsoft Office
document. |
CPATR-12610 | Fixed an issue where the Cortex XDR agent
reported behavioral threat protection (BTP) incidents a day after
the incidents were actually encountered. |
CPATR-12582 | Fixed an issue where the Cortex XDR management
console could not receive endpoint detection and response (EDR)
data due to a non-Unicode URL recognition problem. |
CPATR-12476 ( Windows ) | Fixed an issue where outdated WildFire verdicts
were displayed when querying the WildFire cache using the cytool
(CLI tool). |
CPATR-12337 | Fixed an issue where during a system scan,
the Cortex XDR agent did not skip the Microsoft Application Virtualization
(App-V) offline files and folders, causing the local disk to fill
up. The Cortex XDR agent now skips these files. |
CPATR-12242 | Fixed an issue where low-level disk utilities
(such as fsck, fdisk,
etc.) on a Linux endpoint failed with a Device is in use error. |
CPATR-12102 ( macOS ) | Fixed an issue where uninstallation of the agent
did not work on macOS endpoints due to erroneous user password recognition. |
CPATR-12083 ( Windows ) | Fixed an issue where the Cortex XDR agent
firewall rules on a Windows endpoint temporarily did not apply after
changing the network location of the endpoint. This occurred because
the network location change was not immediately detected. |
CPATR-11966 ( Linux ) | Fixed an issue where an upgraded Linux agent
caused containerized processes to halt. |
CPATR-11533 ( Windows ) | Fixed an issue where the status of a Windows
endpoint erroneously flipped from Enabled to Disabled in the Cortex
XDR management console. |
CPATR-11199 ( macOS ) | Fixed an issue where the Cortex XDR agent
could not be uninstalled from a macOS endpoint if the agent wasn't
running. |
CPATR-11003 | Fixed an issue where the Cortex XDR agent
exceeded the disk quota on the endpoint. The disk quota is now better
enforced. |
Addressed Issues in Cortex XDR Agent 7.2.2
The following table details
addressed issues in Cortex XDR agent 7.2.2.
Issue ID | Description |
---|---|
CPATR-11875 | Fixed an issue where retransmitting a file
to WildFire sometimes caused a permanent No connection verdict. |
CPATR-11871 ( Linux ) | Fixed an issue where the Local Threat-Evaluation
Engine (LTEE) process reported Zombie status if
the kernel module was not available on the endpoint when upgrading
a Cortex XDR agent 7.2 to a later release. |
CPATR-11858 ( Windows ) | Fixed an issue where the Cortex XDR agent
failed to quarantine malicious files running on devices or partitions
formatted in Windows FAT32. |
CPATR-11845 ( macOS ) | Fixed an issue where the Cortex XDR agent
did not enforce Device Control policy on an uncommon USB device. |
CPATR-11830 ( macOS ) | Following several cases where endpoints running
macOS 10.15.4 and later halted when using Apple's Network Extension
framework, which is leveraged by the Cortex XDR agent 7.2.1 and
later, added additional exclusions of processes and services to
help reduce the probability of this issue recurring. If
this issue persists after upgrading the Cortex XDR agent to the
7.2.2 release, contact Palo Alto Networks Support for a support exception. |
CPATR-11828 ( macOS ) | Fixed an issue where the Cortex XDR agent
failed to install on Mac endpoints if the proxy was being set through
the config.xml file. |
CPATR-11663 ( Windows ) | Fixed an issue where the Cortex XDR agent
processes suddenly halted on Windows endpoints with low memory. |
CPATR-11459 | Fixed an issue where after reboot the Cortex
XDR agent was disabled on the endpoint when the network location
was configured and detected as external, and as a result prevented the
agent from enforcing policy. |
CPATR-11373 | Fixed an issue where a user with administrator
permissions attempted to destroy a file on the endpoint, and was
denied access. |
CPATR-11313 ( Linux ) | Fixed an issue where the Cortex XDR agent
suddenly halted on Linux endpoints where User-Mode Instruction Prevention (UMIP)
was enabled. |
CPATR-11218 | Fixed an issue where the Cortex XDR agent
did not report malformed event log data. |
CPATR-10944 ( macOS ) | Fixed an issue where, when the Cortex XDR agent
received a malware verdict from WildFire for a previously unknown
DMG file, the agent did not create a post-detection event for the hash. |
CPATR-10748 ( macOS ) | Fixed an issue where the Malware security
profile enforced on the endpoint did not correctly handle the DMG
files in the allow list. |
Addressed Issues in Cortex XDR Agent 7.2.1
The following table details
addressed issues in Cortex XDR agent 7.2.1.
Issue ID | Description |
---|---|
CPATR-11491 ( macOS ) | Performance improvements to the Cortex XDR
agent scanning. |
CPATR-11349 ( macOS ) | Fixed an issue where Cortex XDR incorrectly
displayed the endpoint Fully Qualified Domain Name (FQDN) instead
of the endpoint host name. |
CPATR-11311 ( Windows ) | Fixed an issue where the Cortex XDR agent
did not detect the existence of a macro within an Office document. |
CPATR-11309, CTNGTR-3437 ( Windows ) | Fixed an issue where the Cortex XDR agent
could suddenly halt in case of malformed data in the endpoint registry
values related to Folder Redirection. |
CPATR-11246 | Fixed an issue where, when a file verdict was changed
for a file that already existed in WildFire, the new verdict was
not applied by the Cortex XDR agent. |
CPATR-11179 ( Windows ) | Fixed an issue where the Cortex XDR agent
caused the Veeam backup service to halt on the endpoint. |
CPATR-11150 | Fixed an issue where, after upgrading a Cortex
XDR agent release prior to 7.2.0 to the 7.2.0 agent, the allow and
block lists defined for the earlier agent release were enforced
only after agent check-in. |
CPATR-11143 ( Windows ) | Fixed an issue where the Cortex XDR agent
unexpectedly halted when a NUMA virtual machine booted with CPU
hot-add enabled. |
CPATR-11122 | Fixed an issue where sometimes the Cortex
XDR agent console suddenly halted when the end user attempted to
close it. |
CPATR-11051 ( Windows ) | Fixed an issue where the Cortex XDR agent
did not scan folders or files with special Unicode characters in
their name if the scan was initiated locally on the endpoint by
the user. |
CPATR-10963 | Fixed an issue where, when attempting to destroy
a file that did not exist on the endpoint, the agent reported
the Failed to delete file error message back to Cortex XDR
instead of File not found. |
CPATR-10956 | Fixed an issue where the Cortex XDR agent
reported an incorrect scan status to Cortex XDR in case the scan
failed. |
CPATR-10010 ( Linux ) | The Cortex XDR agent can now be installed
on paravirtualized (PV) hypervisor installations of type Xen and
KVM. |
Addressed Issues in Cortex XDR Agent 7.2
There are no addressed issues to report for this major
release.