Changes to Default Behavior - Release Notes - 5.0 - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Traps Agent Release Notes

Product
Cortex XDR
Cortex XDR Agent
Version
5.0
Creation date
2022-09-01
Last date published
2023-06-26
Category
Release Notes

Changes to Default Behavior in Traps Agent 5.0.12

Caution

Starting with Traps agent 5.0.12, you can install the agent only on Windows XP, Windows Server 2003, or Windows Embedded POSReady 2009. If you are using a newer Windows version, upgrade to Cortex XDR agent 7.2 release or later.

Changes to Default Behavior in Traps Agent 5.0.11

There are no changes to default behavior in Traps agent 5.0.11.

Changes to Default Behavior in Traps Agent 5.0.10

Traps agent 5.0.10 includes the following changes to default behavior.

Feature

Change to Default Behavior

Manual Upload of Trusted Root Certificates due to Microsoft End-of-support for Windows Embedded 2009

In light of Microsoft’s end of support for Windows Embedded 2009, you must now update the list of Trusted Root Certificates manually on the endpoint in order to enable the Traps agent to communicate with the Cortex XDR server. This applies to any Traps 5.0.X installation or upgrade from an agent that previously communicated with TMS/ESM on endpoints running Windows Vista or a previous release.

  1. On an endpoint that is connected to the internet and running Windows 7 or a later release, go to Control panelAdministrative Tools Manage Computer Certificates.

  2. Select Trusted Root Certificates. Go to Trusted Root Certification AuthoritiesCertificates.

  3. Select all items on the list, right-click and select All TasksExport. Save the PFX file.

  4. On the endpoint running Windows Vista or a previous release where you want to install / upgrade the Traps 5.0.X agent, copy the PFX file, right-click, and install.

  5. Now you can install / upgrade the Traps agent on the endpoint.

Changes to Default Behavior in Traps Agent 5.0.9

Traps agent 5.0.9 is a Windows release supported only by the Cortex XDR app, and cannot be installed or supported using the Traps management service.

Changes to Default Behavior in Traps Agent 5.0.8

There are no changes to default behavior in Traps agent 5.0.8.

Changes to Default Behavior in Traps Agent 5.0.7

There are no changes to default behavior in Traps agent 5.0.7.

Changes to Default Behavior in Traps Agent 5.0.6

Traps agent 5.0.6 includes the following changes to default behavior.

Feature

Change to Default Behavior

Traps Tampering Protection

The enabled behavior of Traps Tampering Protection (in an Agent Settings profile) has changed to allow read access instead of no access to Traps services, processes, files, and registry keys.

Changes to Default Behavior in Traps Agent 5.0.5

There are no changes to default behavior in Traps agent 5.0.5.

Changes to Default Behavior in Traps Agent 5.0.4

Traps 5.0.4 agent includes the following changes to default behavior.

Feature

Change to Default Behavior

Enhanced DLL Whitelist

The whitelist capabilities of the JIT and DLL security exploit protection modules (EPMs) has been enhanced in the default security policy.

Changes to Default Behavior in Traps Agent 5.0.3

There are no changes to default behavior in Traps agent 5.0.3.

Changes to Default Behavior in Traps Agent 5.0.2

There are no changes to default behavior in Traps agent 5.0.2.

Changes to Default Behavior in Traps Agent 5.0.1

Traps 5.0.1 agent includes the following changes to default behavior.

Feature

Change to Default Behavior

Proxy Communication

With Traps 5.0.1, you can configure Windows endpoints to use a non-secure or secure proxy server or you can specify both. With Traps 5.0.0, you had to specify both a non-secure and secure proxy server. You can define the same proxy server for non-secure and secure proxy communication, or you can define different proxy servers. For details, refer to Configure proxy communication .Use Traps Agent for Windows