Cortex XDR Agent Known Issues

See the list of the known issues in Cortex XDR agent 7.4.
The following table describes known issues in the Cortex XDR agent 7.4.X releases.
*This issue is resolved with content update 192 and later
The 7.4.1 agent can sometimes cause an infinite loop in a kernel driver.
When you attempt to upgrade a Cortex XDR agent 7.2.0 to a later release from the Cortex XDR management console using an rpm installer, the upgrade action remains stuck In Progress and the agent upgrade fails due to a GPG signature check.
Manual workaround: Disable the GPG signature check for the Cortex XDR agent installer by adding the
parameter to the yum installation command line.
Mac, Cortex XDR agent 7.1.2 and later running macOS 11.3
Following the changes Apple introduced in macOS 11.3 for MDMs, when you remove an MDM configuration profile that includes permissions for system extensions (for Cortex XDR agents or GlobalProtect), the system extensions are instantly unloaded from all endpoints. As a result, the Cortex XDR protection status will be disabled.
Suggested workaround: Restart the extensions or restart the Cortex XDR agent.
When you make configuration changes that require you to remove an installed configuration profile, ensure that you remove the existing profile before you install the new profile. Otherwise, the new profile might not take effect on the endpoint even though it is installed.
After you deploy the new MDM configuration profile, you must restart either the endpoint or the Cortex XDR agent using one of the following methods:
  • To reload the extensions, execute
    ./cytool runtime start networkextension
    ./cytool runtime start securityextension
    (Cortex XDR agent uninstall password is not required)
  • To restart the Cortex XDR agent, execute
    ./cytool runtime stop all
    ./cytool runtime start all
    (Cortex XDR agent uninstall password is required)
Additionally, you can use your MDM to run these scripts on endpoints where the Cortex XDR agent was disabled as a result of this issue.
Refer to the Cortex XDR Agent Administrator’s Guide on installation via MDM for more information.
*This issue is resolved with content update 183-59522 and later
The following functionalities are not supported on new Apple Silicon (M1) Mac endpoints without Rosetta 2, running Cortex XDR agents 7.4:
  • Live Terminal
  • Script Execution
  • Host Insights
Suggested workaround: Install Rosetta 2.
Rosetta 2 is not pre-installed on new Apple Silicon (M1) Mac endpoints running macOS 11.X. Install it using one of the following methods:
  • Manual installation by the end user
    —Before you install the Cortex XDR agent on the endpoint, the end user must open the terminal and run one of the following commands:
    • /usr/sbin/softwareupdate --install-rosetta
      (root permission is not required)
    • /usr/sbin/softwareupdate --install-rosetta --agree-to-license
      (root permission is required)
  • Installation via MDM
    —Refer to the Cortex XDR agent Administrator’s Guide to learn how to execute these scripts on the endpoint using an MDM.
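The following pre-install check is an added example, not a script from Palo Alto Networks or the Administrator's Guide. It installs Rosetta 2 only on Apple Silicon endpoints that lack it and then verifies that x86_64 code can run. The variable names, the `arch -x86_64` probe, and the `RUN_NOW` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Intended to run as root from an MDM
# before the Cortex XDR agent is installed.
# Assumptions: ARCH_CMD, ROSETTA_PROBE, INSTALL_CMD and RUN_NOW are
# hypothetical names, overridable so the logic can be exercised off-device.
ARCH_CMD="${ARCH_CMD:-uname -m}"
# Running an x86_64 binary succeeds on Apple Silicon only with Rosetta 2.
ROSETTA_PROBE="${ROSETTA_PROBE:-/usr/bin/arch -x86_64 /usr/bin/true}"
INSTALL_CMD="${INSTALL_CMD:-/usr/sbin/softwareupdate --install-rosetta --agree-to-license}"

# Returns 0 only on Apple Silicon hosts where the probe fails.
needs_rosetta() {
    [ "$($ARCH_CMD)" = "arm64" ] || return 1
    $ROSETTA_PROBE >/dev/null 2>&1 && return 1
    return 0
}

# Prints "skipped" or "installed"; returns 2 if the installer fails and
# 3 if the installer reported success but x86_64 code still cannot run.
ensure_rosetta() {
    if ! needs_rosetta; then
        echo "skipped"
        return 0
    fi
    $INSTALL_CMD >&2 || return 2
    $ROSETTA_PROBE >/dev/null 2>&1 || return 3
    echo "installed"
}

# Set RUN_NOW=1 in the MDM script policy to perform the check.
if [ "${RUN_NOW:-0}" = 1 ]; then
    ensure_rosetta
fi
```

A non-zero exit lets the MDM report the endpoint as not ready, so the agent is not deployed where Live Terminal, Script Execution, and Host Insights would be unsupported.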
On Apple Silicon (M1) Mac endpoints running Cortex XDR agents, if you attempt to restart the agent by running
./cytool runtime restart all
it could cause unexpected behavior which could disable the Cortex XDR agent.
Suggested workaround:
To restart the agent, run these commands instead—
./cytool runtime stop all
./cytool runtime start all
(Cortex XDR agent uninstall password is required)
