Addressed Issues in Cortex® XDR™ Agent 7.7

Addressed issues in Cortex XDR agent 7.7 release for Windows, macOS, and Linux.

Addressed Issues in Cortex XDR Agent 7.7.3-hotfix

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-17933 | Fixed an issue that may lead to a leak in storage usage by the Cortex XDR agent when endpoints are generating many executables. |

Addressed Issues in Cortex XDR Agent 7.7.3

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-17610 | Fixed an issue on Windows endpoints where XDR agent injection caused a registry key handle leakage in the System process context. |
| CPATR-17561 | To provide better visibility, gap events now include the following information: the description of the filtering mechanism dropping the events, its limit and timeframe. |
| CPATR-17515 | Fixed an issue where auto-upgrades to the agent may be triggering false positive alerts. |
| CPATR-17466 | (Linux/macOS) Fixed a memory issue caused by spawning of pending forks for events that do not need to be analyzed. |
| CPATR-17429 | Fixed an issue of high memory consumption due to the anomalously large DB. |
| CPATR-17414 | Fixed a low free disk space issue caused by retrieval of large support log files. |
| CPATR-17382 | Fixed an issue that caused multiple entries in the agent log due to a malformed configuration, leading to high resource consumption. |
| CPATR-17378 | (Windows) Fixed an issue where the agent logs events outside its configuration. |
| CPATR-17305 | Fixed an issue where a function for getting the current time resulted in high CPU usage by XDR agent services. |
| CPATR-17291 | (Windows) Fixed an issue where, in rare cases, network connections bookkeeping resulted in a memory leak. |
| CPATR-17286 | Fixed an issue where cyserver may halt when the computer is low on memory. |
| CPATR-17276 | Fixed an issue where uploading files from an agent to WildFire resulted in high network bandwidth consumption. |
| CPATR-17269 | Fixed an issue where servers were displayed as disconnected in Cortex XDR and as active on the host, resulting in Service Stopped notifications. |
| CPATR-17230 | (macOS) Fixed an issue where on rare occasions a race condition causes prevention or termination of an executed process in macOS systems which contain third-party extensions in addition to Cortex XDR. |
| CPATR-17198 | Fixed an issue where in some cases upon file deletion, Cortex XDR Agent service (cyserver.exe) crashes. |
| CPATR-17152 | Fixed an issue where zombie processes remain in some workflows after termination of child processes. |
| CPATR-17136 | Fixed an issue where local event cleanup does not reach the appropriate size. |
| CPATR-16564 | Fixed an issue where force stopping the cyserver during upload of multiple files may lead it to crash. |

Addressed Issues in Cortex XDR Agent 7.7.2-hotfix

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-17371 | (Windows) Fixed an issue with support file collection. |

Addressed Issues in Cortex XDR Agent 7.7.2

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-17108 | Fixed an issue where data queue overload may impact agent performance. |
| CPATR-17107 | (Windows) Fixed an issue where local data storing may impact agent performance. |
| CPATR-17090 | (Linux) Fixed an issue where installation on RHEL8 with FIPS mode is not successful. |
| CPATR-16943 | Fixed an issue where in some cases upon file deletion, Cortex XDR Agent service (cyserver.exe) crashes. |
| CPATR-16886 | (Linux) Fixed an issue where a race condition prevents Cortex XDR Process Monitor Daemon from accessing data collected by the agent. |
| CPATR-16865 | (Linux) Fixed an issue where a change in OS on an endpoint is not updated in the All Endpoints table. |
| CPATR-16785 | (Linux) Fixed an issue where upgrades are not successful or some services don't start correctly because old files could not be removed. |
| CPATR-16783 | (Linux) Fixed an issue where upgrades may lead to a disabled state of the agent. |
| CPATR-16755 | (Linux) Fixed an issue where the agent is attempting to update when some of the processes are disabled. |
| CPATR-16736 | (Linux) Fixed an issue where an upgrade may impact agent performance. |
| CPATR-16666 | (Linux) Fixed a race condition where the Cortex agent injection module causes a Java exception. |
| CPATR-16530 | (Linux) Fixed an issue with the dynamic protection service that results in partial protection of an affected endpoint. |
| CPATR-15801 | (Linux) Fixed an installation issue on systems running RHEL 8 with FIPS mode enabled. |

Addressed Issues in Cortex XDR Agent 7.7.1

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-16354 | (Windows) Fixed an issue where the agent is shown as disabled on the firewall providers list in WSC. |
| CPATR-15050 | (Windows) Required upgrade of Python version used by Cortex agent Python infrastructure on Windows from 3.7 to 3.8, due to approaching end-of-life (EoL) of 3.7. Applying KB3126587 Windows update might be required on Windows 7 Embedded. |
| CPATR-16767 | Fixed an issue where the DMG path isn't resolved on macOS Monterey. |
| CPATR-16766 | Fixed an issue where a protection setting on the agent may cause the upgrade to fail. |
| CPATR-16723 | Fixed an issue where a bug in cyserver caused the installer to fail on roll back. |
| CPATR-16690 | Fixed an issue where multiple logged-in users during agent startup may cause the agent to pause. |
| CPATR-16591 | Fixed an issue where some agent scripts failed to run due to an unknown location. |
| CPATR-16566 | Fixed an issue where cyserver.exe crashes after the agent upgrades to 7.7.0. |
| CPATR-16296 | Fixed an issue where in case of denial of service, the anti-malware module may lead to process termination. |
| CPATR-16842 | Fixed an issue while working with a support exception that disables injection. Any restart to pmd results in a reboot loop. |

Addressed Issues in Cortex XDR Agent 7.7.0-hotfix

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-16539 | Fixed an issue addressing vulnerability CVE-2022-0778. Affected versions: < 7.7.0.60725 on Windows, < 7.7.0.2356 on macOS, < 7.7.0.59559 on Linux. |
| CPATR-16609 | (Linux) Fixed an issue on Linux endpoints where, when running a Spring4Shell exploit, an exception is generated but the process is not terminated. |

Addressed Issues in Cortex XDR Agent 7.7

The following has been addressed in this release:
| Feature | Description |
| --- | --- |
| CPATR-16387 | (Windows) Fixed an issue where agents become unresponsive following an upgrade. |
| CPATR-16106 | Fixed an issue where payload versions are not updated after an agent restart. |
| CPATR-15441 | Fixed an issue where the agent is using a large amount of disk space. |
| CPATR-15310 | (Windows) Fixed an issue where the agent fails to first query the hardware ID. |
| CPATR-15300 | (Linux) Fixed an issue with log file folder permissions. |
| CPATR-15041 | (macOS) Fixed an issue where uninstall of macOS agent can fail due to the database structure. |
| CPATR-14814 | Fixed an issue where the agent does not receive the WildFire verdict. |
| CPATR-16566 | Fixed an issue where cyserver.exe crashes after agent upgrades to 7.7. |
