Addressed Issues in Cortex XDR Agent 7.7

Cortex XDR Agent Release Notes

Product: Cortex XDR, Cortex XDR Agent
Version: 7.7
Creation date: 2022-08-31
Last date published: 2023-01-04
End of Life: EoL
Category: Release Notes

Addressed Issues in Cortex XDR Agent 7.7.3

The following has been addressed in this release:

| Feature | Description |
|---|---|
| CPATR-17610 | Fixed an issue on Windows endpoints where XDR agent injection caused a registry key handle leakage in the System process context. |
| CPATR-17561 | To provide better visibility, gap events now include the following information: the description of the filtering mechanism dropping the events, its limit and timeframe. |
| CPATR-17515 | Fixed an issue where auto-upgrades to the agent may trigger false positive alerts. |
| CPATR-17466 (Linux/macOS) | Fixed a memory issue caused by spawning of pending forks for events that do not need to be analyzed. |
| CPATR-17429 | Fixed an issue where, in case of high memory consumption due to an anomalously large DB, the file prevalence is temporarily disabled by an adaptive policy. |
| CPATR-17414 | Fixed a low free disk space issue caused by retrieval of large support log files. |
| CPATR-17382 | Fixed an issue that caused multiple entries in the agent log due to a malformed configuration, leading to high resource consumption. |
| CPATR-17378 (Windows) | Fixed an issue where the agent logs events outside its configuration. |
| CPATR-17305 | Fixed an issue where a function for getting the current time resulted in high CPU usage by XDR agent services. |
| CPATR-17291 (Windows) | Fixed an issue where, in rare cases, network connections bookkeeping resulted in a memory leak. |
| CPATR-17286 | Fixed an issue where cyserver may halt when the computer is low on memory. |
| CPATR-17276 | Fixed an issue where uploading files from an agent to WildFire resulted in high network bandwidth consumption. |
| CPATR-17269 | Fixed an issue where servers were displayed as disconnected in Cortex XDR and as active on the host, resulting in Service Stopped notifications. |
| CPATR-17230 (macOS) | Fixed an issue where, on rare occasions, a race condition causes prevention or termination of an executed process on macOS systems that contain third-party extensions in addition to Cortex XDR. |
| CPATR-17198 | Fixed an issue where, in some cases upon file deletion, the Cortex XDR Agent service (cyserver.exe) crashes. |
| CPATR-17152 | Fixed an issue where zombie processes remain in some workflows after termination of child processes. |
| CPATR-17136 | Fixed an issue where local event cleanup does not reach the appropriate size. |
| CPATR-16564 | Fixed an issue where force stopping the cyserver during upload of multiple files may cause it to crash. |

Addressed Issues in Cortex XDR Agent 7.7.2-hotfix

The following has been addressed in this release:

| Feature | Description |
|---|---|
| CPATR-17371 (Windows) | Fixed an issue with support file collection. |

Addressed Issues in Cortex XDR Agent 7.7.2

The following has been addressed in this release:

| Feature | Description |
|---|---|
| CPATR-17108 | Fixed an issue where data queue overload may impact agent performance. |
| CPATR-17107 (Windows) | Fixed an issue where local data storing may impact agent performance. |
| CPATR-17090 (Linux) | Fixed an issue where installation on RHEL8 with FIPS mode is not successful. |
| CPATR-16943 | Fixed an issue where in some cases upon file deletion, Cortex XDR Agent service (cyserver.exe) crashes. |
| CPATR-16886 (Linux) | Fixed an issue where a race condition prevents Cortex XDR Process Monitor Daemon from accessing data collected by the agent. |
| CPATR-16865 (Linux) | Fixed an issue where a change in OS on an endpoint is not updated in the All Endpoints table. |
| CPATR-16785 (Linux) | Fixed an issue where upgrades are not successful or some services don't start correctly because old files could not be removed. |
| CPATR-16783 (Linux) | Fixed an issue where upgrades may lead to a disabled state of the agent. |
| CPATR-16755 (Linux) | Fixed an issue where the agent is attempting to update when some of the processes are disabled. |
| CPATR-16736 (Linux) | Fixed an issue where an upgrade may impact agent performance. |
| CPATR-16666 (Linux) | Fixed a race condition where the Cortex agent injection module causes a Java exception. |
| CPATR-16530 (Linux) | Fixed an issue with the dynamic protection service that results in partial protection of an affected endpoint. |
| CPATR-15801 (Linux) | Fixed an installation issue on systems running RHEL 8 with FIPS mode enabled. |

Addressed Issues in Cortex XDR Agent 7.7.1

The following has been addressed in this release:

| Feature | Description |
|---|---|
| CPATR-16354 (Windows) | Fixed an issue where the agent is shown as disabled on the firewall providers list in WSC. |
| CPATR-15050 (Windows) | Required upgrade of Python version used by Cortex agent Python infrastructure on Windows from 3.7 to 3.8, due to approaching end-of-life (EoL) of 3.7. Applying KB3126587 Windows update might be required on Windows 7 Embedded. |
| CPATR-16767 | Fixed an issue where the DMG path isn't resolved on macOS Monterey. |
| CPATR-16766 | Fixed an issue where a protection setting on the agent may cause the upgrade to fail. |
| CPATR-16723 | Fixed an issue where a bug in cyserver caused the installer to fail on roll back. |
| CPATR-16690 | Fixed an issue where multiple logged-in users during agent startup may cause the agent to pause. |
| CPATR-16591 | Fixed an issue where some agent scripts failed to run due to an unknown location. |
| CPATR-16566 | Fixed an issue where cyserver.exe crashes after the agent upgrades to 7.7.0. |
| CPATR-16296 | Fixed an issue where, in case of denial of service, the anti-malware module may lead to process termination. |
| CPATR-16842 | Fixed an issue where, when working with a support exception that disables injection, any restart of pmd results in a reboot loop. |

Addressed Issues in Cortex XDR Agent 7.7.0-hotfix

The following has been addressed in this release:

| Feature | Description |
|---|---|
| CPATR-16539 | Fixed an issue addressing vulnerability CVE-2022-0778. Affected versions: < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux |
| CPATR-16609 (Linux) | Fixed an issue on Linux endpoints where, when running a Spring4Shell exploit, an exception is generated but the process is not terminated. |

Addressed Issues in Cortex XDR Agent 7.7

The following has been addressed in this release:

| Feature | Description |
|---|---|
| CPATR-16387 (Windows) | Fixed an issue where agents become unresponsive following an upgrade. |
| CPATR-16106 | Fixed an issue where payload versions are not updated after an agent restart. |
| CPATR-15441 | Fixed an issue where the agent is using a large amount of disk space. |
| CPATR-15310 (Windows) | Fixed an issue where the agent fails to first query the hardware ID. |
| CPATR-15300 (Linux) | Fixed an issue with log file folder permissions. |
| CPATR-15041 (macOS) | Fixed an issue where uninstall of the macOS agent can fail due to the database structure. |
| CPATR-14814 | Fixed an issue where the agent does not receive the WildFire verdict. |
| CPATR-16566 | Fixed an issue where cyserver.exe crashes after the agent upgrades to 7.7. |