Fixed issue where protected Java processes, such as OpenJDK processes, crashed in particular cases.

Fixed an issue where in a certain scenario, a Linux agent reached a state in which the agent halted.

Fixed an issued where on Linux endpoints, the Ubuntu Long Term Support (LTS) release numbers were displayed incorrectly in the Cortex XDR management console, where digits leading zeros are missing. For example, 12.4 was displayed instead of 12.04.

Fixed an issue of high disk I/O consumption by the Cortex XDR agent.

Fixed an issue where some security events were not reported to the Cortex XDR management console when the agent is shutting down. These non-reported events are now reported to the Cortex XDR management console when the agent service restarts.

Fixed an issue where the Cortex XDR agent did not detect the existence of a macro within a Microsoft Office document.

Fixed an issue where the Cortex XDR agent reported behavioral threat protection (BTP) incidents a day after the incidents were actually encountered.

Fixed an issue where the Cortex XDR management console could not receive endpoint detection and response (EDR) data due to a non-Unicode URL recognition problem.

Fixed an issue where outdated WildFire verdicts are displayed when querying the WildFire cache using the cytool (CLI tool).

Fixed an issue where during a system scan, the Cortex XDR agent did not skip the Microsoft Application Virtualization (App-V) offline files and folders, causing the local disk to fill up. The Cortex XDR agent now skips these files.

Fixed an issue where low-level disk utilities (such as

fsck

,

fdisk

, etc.) on a Linux endpoint failed with

Device is in use

error.

Fixed an issue where uninstallation of the agent did not work on macOS endpoints due to erroneous user password recognition.

Fixed an issue where the Cortex XDR agent firewall rules on a Windows endpoint did not apply temporarily after changing the network location of the endpoint. This occurred because the network location change was not immediately detected.

Fixed an issue where the agent did not analyze the macro content within a Microsoft Office document.

Fixed an issue where an upgraded Linux agent caused containerized processes to halt.

Addressed security issues.

Fixed an issue where the status of a Windows endpoint erroneously flipped from Enabled to Disabled in the Cortex XDR management console.

Fixed an issue where the Cortex XDR agent could not be uninstalled from a macOS endpoint if the agent wasn't running.

Fixed an issue where sometimes retransmitting a file to Wild Fire caused a permanent

No connection

verdict.

Fixed an issue where the Local Threat-Evaluation Engine (LTEE) process reported

Zombie

status if the kernel module was not available on the endpoint when upgrading a Cortex XDR agent 7.2 to a later release.

Fixed an issue where the Cortex XDR agent failed to quarantine malicious files running on devices or partitions formatted in Windows FAT32.

Fixed an issue where the Cortex XDR agent did not enforce Device Control policy on an uncommon USB device.

Following several cases where endpoints running macOS 10.15.4 and later halted when using Apple's Network Extension framework, which is leveraged by the Cortex XDR agent 7.2.1 and later, added additional exclusions of processes and services to help reduce the probability of this issue from recurring.

If this issue persists after upgrading the Cortex XDR agent to the 7.2.2 release, contact Palo Alto Networks Support for a support exception.

Fixed an issue where the Cortex XDR agent failed to install on Mac endpoints if the proxy was being set through the

config.xml

file.

Fixed an issue where the Cortex XDR agent processes suddenly halted on Windows endpoints with low memory.

Fixed an issue where after reboot the Cortex XDR agent was disabled on the endpoint when the network location was configured and detected as external, and as a result prevented the agent from enforcing policy.

Fixed an issue where a user with administrator permissions attempted to destroy a file on the endpoint, and was denied access.

Fixed an issue where the Cortex XDR agent suddenly halted on Linux endpoints where User-Mode Instruction Prevention (UMIP) was enabled.

Fixed an issue where the Cortex XDR agent did not report malformed event log data.

Fixed an issue where the Cortex XDR agent received a malware verdict from WildFire for a previously unknown DMG file, the agent did not create a post-detection event for the hash.

Performance improvements to the Cortex XDR agent scanning.

Fixed an issue where Cortex XDR incorrectly displayed the endpoint Fully Qualified Domain Name (FQDN) instead of the endpoint host name.

Fixed an issue where the Cortex XDR agent did not detect the existence of a macro within an Office document.

Fixed an issue where the Cortex XDR agent could suddenly halt in case of malformed data in the endpoint registry values related to Folder Redirection.

Fixed an issue where a file verdict was changed for a file that already existed in WildFire, the new verdict was not applied by the Cortex XDR agent.

Fixed an issue where the Cortex XDR agent caused the Veeam backup service to halt on the endpoint.

Fixed an issue that occurred upgrading a Cortex XDR agent release prior to 7.2.0 to the 7.2.0 agent, the allow and block lists defined for the earlier agent release were enforced only after agent check-in.

Fixed an issue where the Cortex XDR agent unexpectedly halted when a NUMA virtual machine booted with CPU hot-add enabled.

Fixed an issue where sometimes the Cortex XDR agent console suddenly halted when the end user attempted to close it.

Fixed an issue where the Cortex XDR agent did not scan folders or files with special Unicode characters in their name if the scan was initiated locally on the endpoint by the user.

Fixed an issue when attempting to destroy a file that did not exist on the endpoint, where the agent reported back to Cortex XDR the

Failed to delete file

error message instead of

File not found

.

Fixed an issue where the Cortex XDR agent reported an incorrect scan status to Cortex XDR in case the scan failed.