Features Introduced in Cortex XDR Agent 7.8
The following features were added to Cortex XDR agents running on Windows, Linux, and Mac endpoints:
File Name Field with Regex Support
To enable you to drill down further when performing a Forensic File Search, a File Name field has been added to the Forensic File Search action in the Action Center. In the File Name field you can enter a regular expression that is matched against file names within the file path you define. The search returns only the files that match the expression.
Persistent Isolation Message
Windows and Mac
Cortex XDR enables administrators to show endpoint users that their machine has been isolated from the network. To enable the option, the following settings must be enabled under Agent Settings.
If these settings are enabled and the endpoint is isolated, an icon appears in the taskbar indicating that the machine is disconnected from the network. If the endpoint user attempts to reconnect to the network, the following message is displayed: Your network access has been paused by the Administrator.
The following features were added to Cortex XDR agents running on Windows endpoints:
XQL Enhancement to Support EDR user-related operations
To expand your investigation capabilities, Cortex XDR Query Language (XQL) now supports the following changes related to endpoint detection and response (EDR) for user-related operations.
The following features were added to Cortex XDR agents running on Linux endpoints:
File System Scanning
Cortex XDR can scan your Linux endpoints for dormant malware. The agent examines the files on the endpoint. There is a default list of scanned directories, which can be expanded or reduced. When a malicious file is detected during the scan, the agent reports the malware to Cortex XDR so that you can remove it before it attempts to harm the endpoint. You can scan the endpoints in the following ways.
Support for Helm charts
The agent installation now includes the new package type Helm Installer. The Helm Installer is used for fresh installations and upgrades of Cortex XDR agents running on Kubernetes.
Data Protection for the Support File
To add a layer of protection to the support file generated on the endpoint, the zip file is now password protected, and the password is delivered to you only in encrypted form. To obtain the password, copy the encrypted code and submit it through the Retrieve Support File Password option under the Tokens and Password button on the All Endpoints page.
Support for OpenShift
Cortex XDR agent 7.8 now supports Red Hat OpenShift.
Support for Red Hat Enterprise Linux 9
Cortex XDR agent now supports Red Hat Enterprise Linux (RHEL) 9.
Support for Ubuntu 22.04 LTS
Cortex XDR agent now supports Ubuntu 22.04.
Support for Rocky Linux 8
Cortex XDR agent now supports Rocky Linux 8.
Support for AlmaLinux 8
Cortex XDR agent now supports AlmaLinux 8.
The following features were added to Cortex XDR agents running on Mac endpoints:
New wizard for non-MDM users for support of applying system permissions
To help users who do not manage their endpoints through MDM grant the required system permissions after installing the agent on macOS, a Cortex XDR Configuration Wizard now starts automatically and guides the user through the required steps.
Agent support on macOS version 10.15.4 and above
Cortex XDR agent 7.8 is now supported on macOS 10.15.4 and above. Agent installation or upgrade on earlier macOS versions is blocked.
Domain of user is reported
Cortex XDR agent deployed on macOS now reports the domain of the logged-in user.