Changes to Default Behavior in Cortex XDR Agent 7.5 CE - Release Notes - 7.5ce - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR Agent Release Notes

Cortex XDR
Cortex XDR Agent
Creation date
Last date published
Release Notes

Changes to default behavior in Cortex XDR agent 7.5 CE for Windows, macOS, and Linux endpoints.

Changes to Default Behavior in Cortex XDR Agent 7.5.100

The following topic describes changes to default behavior in Cortex XDR agent 7.5.100.


Change to Behavior

WildFire Queries


To support the Benign with Low Confidence verdict, a new field was added to the WildFire verdict local database. As a result, when you upgrade a Cortex XDR agent release prior to 7.5 to a Cortex XDR agent 7.5, the local WildFire cache is deleted, which could increase the number of initial WildFire queries on the endpoint after upgrade.

Retaining Cortex XDR extensions in macOS 11.3


To comply with the new operating system behavior starting with macOS 11.3, where uploading a configuration file in MDM automatically unloads from the endpoint any previously uploaded extensions by the same vendor, the Cortex XDR agent 7.5 and later retains its extensions on the endpoint in such cases.

Aggregated pop-up for Agent Uninstall


To improve user experience, now when you uninstall the Cortex XDR agent from endpoints running macOS 10.15.4 or later, you are prompted only once to enter your admin password.

Reverse Shell Protection


Starting with this release, if the Cortex XDR agent is operating in asynchronous mode then Reverse Shell Protection is not supported. For more information on supported kernel modules, see the Palo Alto Networks Compatibility Matrix.