Addressed Issues in Cortex® XDR™ Agent 7.4

Addressed issues in Cortex XDR agent 7.4 release for Windows, macOS, and Linux.

Addressed Issues in Cortex XDR Agent 7.4.4

The following table details addressed issues in Cortex XDR agent 7.4.4.
| Issue ID | Description |
| --- | --- |
| CPATR-15441 | Fixed an issue where the agent is using a large amount of disk space. |
| CPATR-15441 (Windows) | Fixed an issue where the agent is using a large amount of disk space. |
| CPATR-15252 (Windows), CPATR-14737 | Fixed an issue where, when querying for hardware ID changes on an endpoint, NULL values are ignored. |
| CPATR-14804 (Windows) | Fixed an issue where scans of external USB drives are inconsistent with the scan configuration. |
| CPATR-14729 (Windows) | Fixed an issue where some processes may crash while the DLL Security module is enabled. |
| CPATR-14790 (macOS) | Fixed an issue where local analysis module preventions are reported with the wrong Incident ID on macOS Catalina, impacting incident generation. |
| CPATR-14788 | Fixed an issue where agent proxy settings are incorrectly stored, causing endpoints to become disconnected. |
| CPATR-14717 | Fixed an issue where the IP allow list may not always be applied correctly. |
| CPATR-14801 | Fixed an issue where an updated WildFire verdict is not stored on the agent. |
| CPATR-14678 | Fixed an issue where an agent might fail to cancel a scan if it has reached a time-out while the agent was not running (stopped). |
| CPATR-14647 | Fixed an issue where there was no message of successful upgrade to the current agent version. |
| CPATR-14726 | Fixed an issue where a malware scan does not show the correct status when performing a reset. |

Addressed Issues in Cortex XDR Agent 7.4.3-hotfix

The following has been addressed in this release for build numbers:
Windows - 7.4.3.40287, Mac - 7.4.3.2228, Linux - 7.4.3.39946

| Issue ID | Description |
| --- | --- |
| CPATR-14895 | Fixed an issue where Cortex XDR agents running without trusting the “GlobalSign Root CA” certificate may encounter issues downloading upgrade packages and content updates; the issue may also affect verdict retrieval for large scans. |

Addressed Issues in Cortex XDR Agent 7.4.3

The following table details addressed issues in Cortex XDR agent 7.4.3.
| Issue ID | Description |
| --- | --- |
| CPATR-14151 | Fixed an issue where a missing user or MDM configuration might cause an unknown content filter state, resulting in the loss of network events and in network-related features not working. |
| CPATR-14240 | Fixed an issue where requests to load or unload extensions might fail with an unknown error (OSSystemExtensionErrorDomain error 1, unknownError), and the request was not repeated. |
| CPATR-14243 | Fixed an issue where a country flag and name were displayed, instead of the country language. |
| CPATR-14333 | Fixed an issue where syscall provider names that did not follow a file path naming structure might cause Windows performance counter APIs to fail. |
| CPATR-14420 (macOS) | Fixed an issue where no additional attempts were made to load or unload a Mac extension if it failed due to an unknown error. |
| CPATR-14430 | Fixed an issue where Office macros might cause repeated uploads of the same file to WildFire if that file was successfully uploaded at least once by TUS. |
| CPATR-14445 | Fixed an issue where file uploads unnecessarily consumed network traffic when the upload quota was surpassed. |
| CPATR-14560 (Windows) | Fixed an issue where the Cortex XDR agent might lose connectivity to the server if the endpoint network location was changed frequently. |
| CPATR-14568 (macOS) | Fixed an issue where an unknown old WildFire verdict might not trigger a request for an expired verdict. |
| CPATR-14687 | Fixed an issue where alerts, already categorized as exceptions, might be triggered. |
| CPATR-14700 (Windows) | Fixed a compatibility issue in Citrix App Layering in which endpoints might fail to register. |

Addressed Issues in Cortex XDR Agent 7.4.2

There are no addressed issues in this release.

Addressed Issues in Cortex XDR Agent 7.4.1

The following table details addressed issues in Cortex XDR agent 7.4.1.
| Issue ID | Description |
| --- | --- |
| CPATR-14107 (Windows) | Palo Alto Networks strongly recommends that you upgrade your operating system as soon as possible and follow the Microsoft Security Advisory statement regarding vulnerabilities CVE-2021-1675 and CVE-2021-34527. For Cortex XDR agents running on unpatched Windows endpoints, the Behavioral Threat Protection (BTP) module will detect and terminate the malicious attack when there is an attempt to exploit CVE-2021-1675 and CVE-2021-34527. On non-vulnerable endpoints, Cortex XDR will report the malicious attack. |
| CPATR-14014 | Fixed an issue where updating the verdict of a file to Benign with Low Confidence for the second time failed. |
| CPATR-14005 (Windows) | Fixed an issue where renaming the Content library failed on endpoints integrated with Citrix App Layering. |
| CPATR-13951 (Windows) | Fixed an issue where recursive filesystem calls could cause the endpoint to halt. |
| CPATR-13898 (Windows) | Fixed an issue on endpoints with third-party solutions using a proprietary file system, where the endpoint could suddenly halt. |
| CPATR-13855 | Fixed an issue where, after upgrading the Cortex XDR agent to the 7.4.0 release, the scan of a hash with a Benign verdict could time out. |
| CPATR-13851 | Fixed an issue where, after you added an unknown hash to the Cortex XDR Allow List, if WildFire later returned a Malware verdict, post-detection alerts were generated. |
| CPATR-13850 | Fixed an issue where, if the first attempt to upgrade a Cortex XDR agent 7.4.0.X to a newer release failed, all subsequent upgrade attempts failed as well. |
| CPATR-13789 (Windows) | Fixed a compatibility issue with the ROP Mitigation module running on 64-bit architecture. |
| CPATR-13750 (Windows) | Fixed an issue on Windows file servers 2012, where after upgrading the Cortex XDR agent to the 7.4.0 release, the endpoint could reboot on rare occasions. |
| CPATR-13739 (Linux) | Fixed an issue where the Cytool process failed if other processes on the endpoint were executed with certain command lines. |
| CPATR-13558 (Linux) | Optimized the Anti-Malware flow to reduce the number of actions performed by the Cortex XDR agent when scanning containerized applications, leading to lower latency and CPU usage. |
| CPATR-13542 (Windows) | Fixed an issue where, in rare cases, the Cortex XDR agent startup delayed the endpoint startup, leaving the endpoint partially protected during this time. |
| CPATR-13126 (Linux) | Fixed an issue where IBM WebSphere failed to start after the Cortex XDR agent on the endpoint was upgraded to 7.3.0 or a later release. |
| CPATR-12448 (Windows) | Fixed an issue where upgrading the Cortex XDR agent to a newer release failed if, during the upgrade process, a third party running on the endpoint was holding a handle to the agent service. For the fix to take effect, the upgrade must be performed from a fixed Cortex XDR agent 7.4.1 release or later. |

Addressed Issues in Cortex XDR Agent 7.4

The following table details addressed issues in Cortex XDR agent 7.4.

| Issue ID | Description |
| --- | --- |
| CPATR-12633 (Windows) | Fixed security issues. |
| CPATR-13408 (Windows) | Fixed a security issue. |
