Known Issues in Cortex® XDR™ Agent 7.3

See the list of the known issues in Cortex XDR agent 7.3.
The following table describes known issues in the Cortex XDR agent 7.3 releases.
Issue ID
Description
CPATR-12923
This issue is resolved in Cortex XDR agent 7.3.1 release.
If you installed the Cortex XDR agent 7.2.x or 7.3.x releases using an RPM installation package on a Linux endpoint running OpenSUSE or SUSE 15 SP2, you cannot upgrade the agent to a newer release.
Suggested workaround: Remove the Cortex XDR agent from the endpoint and then install the newer version.
CPATR-12879
This issue is resolved in Cortex XDR agent 7.3.2 release.
A rare race condition can cause Cortex XDR to allocate Prevent licenses instead of Pro licenses.
Suggested workaround: Perform manual check-in for the agent either through the Cortex XDR management console, from the Cortex XDR agent console, or using Cytool on the endpoint.
CPATR-12693
This issue is resolved in Cortex XDR agent 7.3.1 release.
For Linux endpoints, the Ubuntu Long Term Support (LTS) release numbers are displayed incorrectly in Cortex XDR, where digits leading zeros are missing. For example, 12.4 is displayed instead of 12.04.
CPATR-12692
This issue is resolved in Cortex XDR agent 7.3.1 release.
The Cortex XDR agent does not automatically upload the alert data dump file, even though it is configured to do so in the Agent Settings profile.
Suggested workaround: Retrieve the alert data manually from Cortex XDR.
CPATR-12670
This issue is resolved in Cortex XDR agent 7.3.1 release.
On Mac endpoints, if you stop and start the Cortex XDR network extension manually and then attempt to isolate the endpoint, the first isolation request fails.
Suggested workaround: In this case, perform the isolation twice from Cortex XDR, the first request fails but the second isolation request succeeds.
CPATR-12642
For Linux operating systems that use RPM installers, if you want to upgrade a Cortex XDR agent that was installed using a Shell installation package to a Cortex XDR agent using an rpm package, you must perform the upgrade manually on the endpoint due to manual authorizations you have to enter during this specific flow.
CPATR-12235
Cortex XDR agent 7.3 is not supported on macOS 10.12 and any upgrade attempts should fail. If you attempt to upgrade a 7.2, 7.2.1, or 7.2.2 agent to 7.3, the upgrade action halts
In Progress
status.
Suggested workaround: Reboot the endpoint and receive
Failed
status.
For complete compatibility information, refer to the Compatibility Matrix.
CPATR-12163
In some Cortex XDR alerts, the agent operating system sub-type displays the numeric operating system number instead of the official operating system name. For example, 8.0.1905 is displayed instead of Linux CentOS 8. Relevant for Windows, Mac, and Linux endpoints running the Cortex XDR agent 7.3 release.
CPATR-12027
When you initiate a Live Terminal request from Cortex XDR on a Mac endpoint, it can take the agent up to 15 seconds to respond.
CPATR-10931
Sometimes in alerts from Mac endpoints, the operating system does not supply a report source address on UDP events. As a result, Cortex XDR displays a source IP address of 0.0.0.0 and a source port of 0 in logs and alert details.
CPATR-10766
After a Microsoft Windows patch (KB) is uninstalled from the endpoint, the Cortex XDR agent continues to report this KB to Cortex XDR. As a result, the CVEs list for the endpoint in
Vulnerability Management
cannot be updated to include the CVEs addressed by the uninstalled KB.

Recommended For You