Addressed Issues in Cortex XDR Agent 7.6

Addressed issues in Cortex XDR agent 7.6 release for Windows, macOS, and Linux.

Addressed Issues in Cortex XDR Agent 7.6.3

The following have been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-16290 (macOS) | Fixed an issue where the Kernel Privilege Escalation module may produce false positives. |
| CPATR-16767 (macOS) | Fixed an issue where the DMG path isn't resolved on macOS Monterey. |
| CPATR-16886 (Linux) | Fixed an issue where a race condition prevents Cortex XDR Process Monitor Daemon from accessing data collected by the agent. |
| CPATR-16755 (Linux) | Fixed an issue where updating is not possible if initialization failed. |
| CPATR-16387 (Windows) | Fixed an issue where a race condition prevents the agent driver from unloading. |
| CPATR-16377 (Linux) | Fixed an issue where working with an external name resolution service may result in the service crashing. |
| CPATR-16354 | Fixed an issue where the agent is shown as disabled on the firewall providers list in WSC. |
| CPATR-16300 | Fixed an issue where support exception expiration is not working as expected. |
| CPATR-16106 | Fixed an issue where agent restart prevents the new payload version from updating. |
| CPATR-15771 | Fixed an issue where a misconfigured verdict may cause a delay in accessing a file. |
| CPATR-15545 | Fixed an issue where the agent does not detect that a scan was running before it was restarted. |
| CPATR-14814 | Fixed an issue where non-UTF-8 characters cause the hash verdict to be stored incorrectly. |
| CPATR-16865 | Fixed an issue where a change in OS on an endpoint is not updated in the All Endpoints table. |
| CPATR-16785 | Fixed an issue where upgrades are not successful or some services don't start correctly because old files could not be removed. |
| CPATR-15156 | Fixed an issue where performing a File Search action on an EDR-supported file type without destroying the file, results in a no file_results report being sent to the server and the action is stuck on In Progress. |

Addressed Issues in Cortex XDR Agent 7.6.2-hotfix

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-16539 | Fixed an issue addressing vulnerability CVE-2022-0778. Affected versions: < 7.6.2.60545 on Windows, < 7.6.2.2311 on macOS, < 7.6.2.59612 on Linux |

Addressed Issues in Cortex XDR Agent 7.6.2

The following have been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-15591 | Fixed an issue where the agent TMP folder fills up. |
| CPATR-15041 (macOS) | Fixed an issue where uninstall of the macOS agent can fail due to the database structure. |
| CPATR-15752 (macOS) | Fixed an issue where setting the malware profile to block on macOS may cause instability on the machine. |
| CPATR-15613 (macOS) | Fixed an issue where the Host Firewall on macOS machines may halt agent communication. |
| CPATR-15591 (Linux) | Fixed an issue where the payload executor unexpectedly reports dual errors for the same execution, resulting in incorrect handling of the original error message. |

Addressed Issues in Cortex XDR Agent 7.6.1

The following have been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-15441 | Fixed an issue where the agent is using a large amount of disk space. |
| CPATR-15310 (Windows) | Fixed an issue where the agent fails to first query the hardware ID. |
| CPATR-15300 (Linux) | Fixed an issue with log file folder permissions. |
| CPATR-14698 | Fixed an issue where Search Collection searches run multiple times. |
| CPATR-15445 (Windows) | Fixed an issue where an Azure virtual desktop is detected as Endpoint Type: Server. |
| CPATR-15041 (macOS) | Fixed an issue where, in some cases, macOS agents cannot be uninstalled. |
| CPATR-15207 (macOS) | Fixed an issue where, when adding an IP address range to the Host Firewall configuration, the IP address is not included in the range. |
| CPATR-15211 (Linux) | Fixed an issue where, when upgrading the agent, the agent does not send audit logs. |
| CPATR-15407 (Linux) | Fixed an issue with validation of Distribution ID registration. |
| CPATR-15252 (Windows) | Fixed an issue where, when querying HWID changes, a NULL value is ignored. |
| CPATR-15228 | Fixed an issue where the agent crashes when deleting by hash more than the maximum configured number of files. |
| CPATR-15441 (Windows) | Fixed an issue where the agent is using a large amount of disk space. |

Addressed Issues in Cortex XDR Agent 7.6

The following have been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-14804 (Windows) | Fixed an issue where external USB drive scans are inconsistent with scan configuration. |
| CPATR-14801 | Fixed an issue where an updated WildFire verdict is not stored on the agent. |
| CPATR-14790 (macOS) | Fixed an issue where local analysis module preventions are reported with the wrong Incident ID on macOS Catalina, impacting incident generation. |
| CPATR-14788 | Fixed an issue where agent proxy settings are incorrectly stored, causing endpoints to become disconnected. |
| CPATR-15252 (Windows), CPATR-14737 | Fixed an issue where, when querying for hardware ID changes on an endpoint, NULL values are ignored. |
| CPATR-14729 (Windows) | Fixed an issue where some processes may crash while the DLL Security module is enabled. |
| CPATR-14726 | Fixed an issue where a malware scan does not show the correct status when performing a reset. |
| CPATR-14717 | Fixed an issue where the IP allow list may not always be applied correctly. |
| CPATR-14678 | Fixed an issue where an agent might fail to cancel a scan if it has reached a time-out while the agent was not running (stopped). |
| CPATR-14647 | Fixed an issue where there was no message of successful upgrade to the current agent version. |
| CPATR-14950 | Fixed an issue where WildFire updates after an upgrade may cause a scan to halt. |
| CPATR-15048 | Fixed an issue where a prevention alert displays as Detected instead of Blocked. |
| CPATR-15058 | Fixed an issue where policy recalculation is triggered incorrectly. |
| CPATR-14737 | Fixed an issue where, when querying for hardware ID changes on an endpoint, NULL values are ignored. |
| XDRSUP-7193 | Fixed an issue where installing an agent on a Windows endpoint causes shell-related issues. |

Addressed Issues in Cortex XDR Agent 7.6.0-hotfix

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-14585 (Windows) | Fixed an issue on Windows endpoints where cloned processes could cause the endpoint to halt. The cloning mechanism is most common in Unix-based applications running the fork command, which is implemented by the Windows kernel cloning mechanism. However, in some cases, this issue could reproduce without Unix-based applications. |
