Known Issues in Cortex® XDR™ Agent 7.3

See the list of the known issues in Cortex XDR agent 7.3.
The following table describes known issues in the Cortex XDR agent 7.3 releases.
Issue ID
This issue is resolved in Cortex XDR agent 7.5.1 release.
When you install the agent on macOS, a race occurs that could cause the Cortex XDR agent to become disabled.
This issue is resolved in Cortex XDR agent 7.3.1 release.
If you installed the Cortex XDR agent 7.2.x or 7.3.x releases using an RPM installation package on a Linux endpoint running OpenSUSE or SUSE 15 SP2, you cannot upgrade the agent to a newer release.
Suggested workaround: Remove the Cortex XDR agent from the endpoint and then install the newer version.
This issue is resolved in Cortex XDR agent 7.3.2 release.
A rare race condition can cause Cortex XDR to allocate Prevent licenses instead of Pro licenses.
Suggested workaround: Perform manual check-in for the agent either through the Cortex XDR management console, from the Cortex XDR agent console, or using Cytool on the endpoint.
This issue is resolved in Cortex XDR agent 7.3.1 release.
For Linux endpoints, the Ubuntu Long Term Support (LTS) release numbers are displayed incorrectly in Cortex XDR: leading zeros are missing from the digits. For example, 12.4 is displayed instead of 12.04.
This issue is resolved in Cortex XDR agent 7.3.1 release.
The Cortex XDR agent does not automatically upload the alert data dump file, even though it is configured to do so in the Agent Settings profile.
Suggested workaround: Retrieve the alert data manually from Cortex XDR.
This issue is resolved in Cortex XDR agent 7.3.1 release.
On Mac endpoints, if you stop and start the Cortex XDR network extension manually and then attempt to isolate the endpoint, the first isolation request fails.
Suggested workaround: In this case, perform the isolation twice from Cortex XDR. The first request fails but the second isolation request succeeds.
For Linux operating systems that use RPM installers, if you want to upgrade a Cortex XDR agent that was installed using a Shell installation package to a Cortex XDR agent that uses an RPM package, you must perform the upgrade manually on the endpoint, because this specific flow requires authorizations that you have to enter manually.
Cortex XDR agent 7.3 is not supported on macOS 10.12 and any upgrade attempts should fail. If you attempt to upgrade a 7.2, 7.2.1, or 7.2.2 agent to 7.3, the upgrade action halts In Progress
Suggested workaround: Reboot the endpoint and receive
For complete compatibility information, refer to the Compatibility Matrix.
In some Cortex XDR alerts, the agent operating system sub-type displays the numeric operating system number instead of the official operating system name. For example, 8.0.1905 is displayed instead of Linux CentOS 8. Relevant for Windows, Mac, and Linux endpoints running the Cortex XDR agent 7.3 release.
When you initiate a Live Terminal request from Cortex XDR on a Mac endpoint, it can take the agent up to 15 seconds to respond.
Sometimes in alerts from Mac endpoints, the operating system does not supply a report source address on UDP events. As a result, Cortex XDR displays a source IP address of and a source port of 0 in logs and alert details.
After a Microsoft Windows patch (KB) is uninstalled from the endpoint, the Cortex XDR agent continues to report this KB to Cortex XDR. As a result, the CVEs list for the endpoint in Vulnerability Management cannot be updated to include the CVEs addressed by the uninstalled KB.
