Addressed Issues in Cortex® XDR™ Agent 7.3

Addressed issues in Cortex XDR agent 7.3 releases for Windows, macOS, and Linux.

Addressed Issues in Cortex XDR Agent 7.3.3

The following table details addressed issues in Cortex XDR agent 7.3.3.
| Issue ID | Description |
| --- | --- |
| CPATR-14560 (Windows) | Fixed an issue where the Cortex XDR agent could lose connectivity to the server if the endpoint network location was changed frequently. |
| CPATR-14151 (Mac) | Fixed some issues where missing user or MDM configuration could result in an unknown content filter state, causing loss of network events and preventing network-related features from working. |
| CPATR-13851 | Fixed an issue where after you added an unknown hash to the Cortex XDR Allow List, if later WildFire returned a Malware verdict, post detection alerts were generated. |
| CPATR-13789 | Fixed a compatibility issue with the return-oriented programming (ROP) mitigation module running on a 64-bit CPU architecture. |
| CPATR-13739 (Linux) | Fixed an issue where the Cytool process failed if other processes on the endpoint were executed with certain command lines. |
| CPATR-13558 (Linux) | Optimized the Anti-Malware flow to reduce the number of actions performed by the Cortex XDR agent when scanning containerized applications, leading to lower latency and CPU usage. |
| CPATR-13542 (Windows) | Fixed an issue where in rare cases, the Cortex XDR agent startup delayed the endpoint startup, leaving the endpoint partially protected during this time. |
| CPATR-13498 (Linux) | Fixed an issue where in rare cases during the collection of the Cortex XDR agent tech support file (TSF), the collection process halted if there were inaccessible NFS files. |
| CPATR-13467 (Mac) | Fixed an issue where endpoints using IPv4 addresses for VPN network interfaces were reported as "Not installed" in the Cortex XDR Asset Management. |
| CPATR-11883 (Mac) | Fixed an issue on endpoints running macOS 10.15.4 and later using Apple's Network Extension framework, which is leveraged by the Cortex XDR agent 7.2.1 and later, where sometimes the Network Extension did not load and the agent stopped reporting network statistics after upgrading a Cortex XDR 7.2.1 release to any other release. |

Addressed Issues in Cortex XDR Agent 7.3.2

The following table details addressed issues in Cortex XDR agent 7.3.2.
| Issue ID | Description |
| --- | --- |
| CPATR-13443 (Linux) | Fixed a discrepancy in the operational status shown for the Cortex XDR agent for Linux, where the 'Anti-Malware' status actually represented 'Anti-Exploit', and vice versa. |
| CPATR-13384 | Fixed an issue with a local database used by the 'Search and Destroy' feature on the agent. Prior to the fix, no results were shown for searches on endpoints with an unusually large number of files. |
| CPATR-13348 (Linux) | Fixed an issue where during the injection to protected processes, the target process halted. |
| CPATR-13303 | Fixed an issue where in some cases, shared network drives were not available for malware scan due to the method by which the drives were mounted and represented in the operating system. |
| CPATR-13269 | Fixed an issue where the agent consumed abnormally high CPU when it was not connected to the Cortex XDR server. |
| CPATR-13191 | Fixed an issue where a corrupt file used by the Cortex XDR agent caused the agent to halt. |
| CPATR-13183 (macOS) | Fixed a functional issue of the Cortex XDR agent on macOS endpoints. |
| CPATR-13151 (Linux) | Fixed an issue where during the startup process of the Linux operating system, the agent services started prematurely and failed to run. |
| CPATR-13130 (Windows) | Fixed an issue with the Cortex XDR Host Firewall, where the agent needed a few minutes to detect that the network interface and location had changed, so Host Firewall rules still applied to the previous network interface. |
| CPATR-13043 | Fixed a rare issue where after upgrading the agent, the agent reported historic alerts again to the Cortex XDR server. |
| CPATR-12970 (macOS) | Fixed an issue where the Cortex XDR agent on macOS halted abruptly in some rare cases. |
| CPATR-12879 | Fixed a rare issue where a Cortex XDR Prevent license could be allocated instead of a Cortex XDR Pro license. |
| CPATR-12825 | Fixed an issue where in cases of malware scans, if many files were unknown to WildFire, the CPU usage and I/O throughput of the endpoint spiked during the upload operation. |
| CPATR-12758 (Windows 10) | Fixed an issue where Cortex XDR agent endpoints with Windows 10 20H1 and 20H2 editions failed to shut down or resume from hibernation. |
| CPATR-10931 (macOS) | Fixed an issue where in some alerts from Mac endpoints, the operating system does not provide a report source address on UDP events. As a result, Cortex XDR displays a source IP address of 0.0.0.0 and a source port of 0 in the log and alert details. |

Addressed Issues in Cortex XDR Agent 7.3.1

The following table details addressed issues in Cortex XDR agent 7.3.1.

| Issue ID | Description |
| --- | --- |
| CPATR-12923 (Linux) | Fixed an issue where if you installed the Cortex XDR agent 7.2.X or 7.3.X releases using an RPM installation package on a Linux endpoint running OpenSUSE or SUSE 15 SP2, you could not upgrade the agent to a newer release. |
| CPATR-12810 (Windows) | Fixed an issue of high disk I/O consumption after upgrading to the Cortex XDR agent 7.3 release. |
| CPATR-12803 (Linux) | Fixed an issue where sometimes protected Java processes, such as OpenJDK processes, suddenly halted on the endpoint. |
| CPATR-12722, CPATR-12674 | Fixed an issue where some security events were not reported to the Cortex XDR management console when the agent was shutting down. These non-reported events are now reported to the Cortex XDR management console when the agent service restarts. |
| CPATR-12693 (Linux) | Fixed an issue where the Ubuntu Long Term Support (LTS) release numbers were displayed incorrectly in the Cortex XDR management console, with leading zeros missing from the digits. For example, 12.4 was displayed instead of 12.04. |
| CPATR-12692 | Fixed an issue where the Cortex XDR agent did not automatically upload the alert data dump file, even though it was configured to do so in the Agent Settings profile. |
| CPATR-12675 | Fixed an issue of high disk I/O consumption by the Cortex XDR agent when enabling File Search and Destroy. |
| CPATR-12670 (Mac) | Fixed an issue where if you stopped and started the Cortex XDR network extension manually and then attempted to isolate the endpoint, the first isolation request failed. |
| CPATR-12649 | Fixed an issue where the Cortex XDR agent did not detect the existence of a macro within a Microsoft Office document. |
| CPATR-12337 | Fixed an issue where during a system scan, the Cortex XDR agent did not skip the Microsoft Application Virtualization (App-V) offline files and folders, causing the local disk to fill up. The Cortex XDR agent now skips these files. |
| CPATR-12242 (Linux) | Fixed an issue where low-level disk utilities (such as fsck, fdisk, etc.) failed with a "Device is in use" error. |
| CPATR-10614 (Windows) | Fixed an issue where the Cortex XDR agent did not report post detection events of Office files with macros to the management server. In case of post detection events of Office files with macros, the agent does not terminate the source process regardless of the applied Malware Profile. |

Addressed Issues in Cortex XDR Agent 7.3

There are no addressed issues in this release.
