
Cortex XDR Agent Release Notes


Features Introduced in Cortex XDR Agent 7.8

Cross-Platform Features

The following features were added to Cortex XDR agents running on Windows, Linux, and Mac endpoints:



File Name Field with Regex Support

To let you drill down further when performing a Forensic File Search, a File Name field has been added to the Forensic File Search action in the Action Center. In the File Name field, you can enter a regular expression to search for within the defined file path. The search extracts the files that meet the criteria. See Forensics Add-on Options.

Persistent Isolation Message

Windows and Mac

Cortex XDR enables administrators to show endpoint users that their machine has been isolated from the network. To enable the option, the following settings must be enabled under Agent Settings (see Isolate an Endpoint):

  • Persistent Isolation Notification

  • Blocked Connectivity Notification

If these settings are enabled and the endpoint machine is disconnected, an icon appears in the taskbar, indicating that the machine is disconnected from the network. If the endpoint user attempts to reconnect to the network, the following message is displayed: "Your network access has been paused by the Administrator."

Windows Features

The following features were added to Cortex XDR agents running on Windows endpoints:



XQL Enhancement to Support EDR user-related operations

To expand your investigation capabilities, Cortex XDR Query Language (XQL) now supports the following changes related to endpoint detection and response (EDR) for user-related operations.

ENUM.USER_SESSION provides information about user-related operations that happened in user sessions, with the following event subtypes:

  • ENUM.USER_SESSION_GET_CLIPBOARD—Indicates whether an application has read from the clipboard and lists the application which copied the data into the clipboard.

  • ENUM.USER_SESSION_SET_CLIPBOARD—Indicates whether an application has set data into the clipboard, where only metadata about the clipboard is sent.

  • ENUM.USER_SESSION_WINDOW_FOCUS_CHANGE—Indicates whether the foreground window has changed and supplies the title for the top window of the foreground window.

  • ENUM.USER_SESSION_WINDOW_TITLE_CHANGE—Indicates whether the title of the top window of the foreground window has changed.
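As an added illustration (not part of the original release notes), the following XQL query ranks the processes that read from the clipboard most often on each endpoint, which helps baseline normal clipboard readers before alerting on outliers. It assumes the events are stored in the `xdr_data` dataset with the standard `event_type`, `event_sub_type`, `agent_hostname`, `actor_process_image_name`, and `event_id` fields; adjust the names to your tenant's schema.

```xql
// Added example: count clipboard reads per host and reading process.
// Dataset and field names are assumptions; the ENUM values come from the list above.
dataset = xdr_data
| filter event_type = ENUM.USER_SESSION and event_sub_type = ENUM.USER_SESSION_GET_CLIPBOARD
| fields agent_hostname, actor_process_image_name, event_id
| comp count(event_id) as clipboard_reads by agent_hostname, actor_process_image_name
| sort desc clipboard_reads
| limit 50
```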

Linux Features

The following features were added to Cortex XDR agents running on Linux endpoints:



File System Scanning

Cortex XDR can scan your Linux endpoints for dormant malware. The agent examines the files on the endpoint, using a default list of scanned directories that can be expanded or reduced. When a malicious file is detected during the scan, the agent reports the malware to Cortex XDR so that you can take action to remove it before it attempts to harm the endpoint. You can scan the endpoints in the following ways:

  • Periodic scan

  • Custom scan

Support for Helm charts


The agent installation now includes the new package type Helm Installer. The Helm Installer is used for fresh installations and upgrades of Cortex XDR agents running on Kubernetes.

Data Protection for the Support File

To provide an extra layer of protection for the support file generated from the endpoint, the zip file is now password protected by an encrypted password. You can obtain the password by copying the encrypted code and running it in the Retrieve Support File Password option, available from the Tokens and Password button on the All Endpoints page. See Retrieve Support File Password.

Support for OpenShift

Cortex XDR agent 7.8 now supports Red Hat OpenShift.

Support for Red Hat Enterprise Linux 9

Cortex XDR agent now supports RHEL 9.

Support for Ubuntu 22.04 LTS

Cortex XDR agent now supports Ubuntu 22.04.

Support for Rocky Linux 8

Cortex XDR agent now supports Rocky Linux 8.

Support for AlmaLinux 8

Cortex XDR agent now supports AlmaLinux 8.

Mac Features

The following features were added to Cortex XDR agents running on Mac endpoints:



New wizard for non-MDM users for support of applying system permissions

To help non-MDM users apply system permissions after installing the agent on macOS, a Cortex XDR Configuration Wizard is automatically activated to guide the user through the required steps. See Configure Cortex XDR Agent for Mac.

Agent support on macOS version 10.15.4 and above

Cortex XDR agent 7.8 is now supported on macOS 10.15.4 and above. Agent installation or upgrade on earlier versions is blocked.

Domain of user is reported

Cortex XDR agents deployed on macOS now report the domain of the logged-in user.