Addressed Issues in Cortex XDR Agent 7.9-CE

Cortex XDR Agent Release Notes

Product: Cortex XDR Agent, Cortex XDR
Version: 7.9ce
Creation date: 2024-10-20
Last date published: 2024-11-11
Category: Release Notes
Abstract: Addressed issues in Cortex XDR agent 7.9-CE release for Windows, macOS, iOS, and Linux.

Cortex XDR Agent 7.9.103-CE Addressed Issues

The following issues have been resolved in this release.

| Issue | Description |
| --- | --- |
| CPATR-24407 (Linux) | Fixed an issue where, on rare occasions, the Cortex XDR agent may not load the kernel module on SUSE Linux Enterprise Server 15.3. |
| CPATR-24120 (Linux) | Increased the log level of a message that is issued when event collection fails to start. |
| CPATR-23499 (Windows) | Fixed an issue where, with certain VPN solutions, there may have been a short delay after the machine booted before endpoint management recognized the protection status of the Cortex XDR agent. |

Addressed Issues in Cortex XDR Agent 7.9.102-CE

The following issues have been resolved in this release.

| Issue | Description |
| --- | --- |
| CPATR-23360 (Linux) | Fixed an issue that may be encountered when running a clean installation with a package manager on a specific system configuration, where the clean installation may be treated as an upgrade. |
| CPATR-23265 | Fixed an issue so that files with special characters in the filename can be deleted with the destroy command. |
| CPATR-22755 (Windows) | Fixed an issue that may cause user applications to get sharing violation errors when opening Office documents that have macros or portable executable files. |
| CPATR-22636 (Windows) | Fixed an issue where consuming clipboard events may cause agent stability issues. |
| CPATR-22565 (Windows) | Improvement made to the Cortex XDR agent security and stability posture. |
| CPATR-22407 (Linux) | Fixed an issue where the upgrade flag was provided for a clean installation. |
| CPATR-22247 | Fixed an issue that may impact endpoints that do not support the BMI2 instruction set. |
| CPATR-22202 | Fixed an issue where, for some alerts, the username field was not populated. |
| CPATR-21933 (Linux) | Cortex XDR agents can be deployed in Linux environments where the Pod Security Admission controller enforces Pod Security Standards. |
| CPATR-21870 (Windows) | Fixed an issue that may lead to agent upgrade failure on non-US locale OS editions. |
| CPATR-21825 (Windows) | Fixed an issue where persistent hash caching may cause system deadlocks during volume dismounting. |
| CPATR-21465 (Linux) | Fixed an issue on RHEL 8 and RHEL 9-based endpoints that may prevent the Cortex XDR agent from starting correctly. |
| CPATR-21445 (Linux) | Fixed an issue that may lead to agent process timeouts. |
| CPATR-21331 (Windows) | Fixed an issue that may lead to high CPU resource usage on Windows Server endpoints. |
| CPATR-21125 (Linux) | Fixed a rare issue that may cause Cortex XDR agent installation to fail. |
| CPATR-20816 | Fixed an agent stability issue that may occur after multiple endpoint hard boots or file system failures. |
| CPATR-20233 | Fixed an issue to ensure that an interrupted scheduled scan will resume scanning as close to the scheduled timeframe as possible. |

Addressed Issues in Cortex XDR Agent 7.9.101-CE

The following issues have been addressed in release 7.9.101-CE.

| Issue | Description |
| --- | --- |
| CPATR-20548 (Windows) | Fixed an issue where local hash caching may impact application file access. |
| CPATR-20300 (Windows) | Fixed an issue that may cause instability when enabling injections with Driver Verifier enabled. |
| CPATR-20269 (Windows) | Fixed an issue that may cause the disk manager to handle detached virtual volumes incorrectly. |
| CPATR-20215 (macOS) | Fixed an issue where the Cortex XDR agent console falsely reported a Cortex XDR endpoint as unprotected. |
| CPATR-20174 | Added support for Amazon Linux 2023. |
| CPATR-19959 (Windows) | Fixed an issue in the Java anti-deserialization protection module that may cause reporting of false positive alerts. |
| CPATR-19823 (Windows) | Fixed an issue that may impact boot time of Windows 11-based endpoints where virtualization-based security (VBS) was enabled. |
| CPATR-19721 | Fixed an issue where, in some cases, file scans were incomplete and could lead to incorrect detection. |
| CPATR-19716 | Fixed an issue that affected system extension memory in rare system cases. |
| CPATR-19535 | Fixed an issue where the Cortex XDR agent operational status was falsely reported when some modules were disabled in the policy profile. |
| CPATR-19245 | Fixed an issue where the Cortex XDR agent may have issues connecting to the Cortex XDR server due to missing files. |
| CPATR-18588 | Fixed an issue where applications may fail due to virtual memory reservations. |
| CPATR-18293 | Fixed an issue where various file system volumes, such as CSV, VSS, and VHD, could not be excluded from monitoring. |
| CPATR-17891 | Fixed an issue with the Java protection module that could lead to Java virtual machine incompatibilities. |
| CPATR-15156 | Fixed an issue where performing a File Search action without removing the file results in no file_results report being sent to the server, leaving the action in the 'In Progress' state. |

Addressed Issues in Cortex XDR Agent 7.9-CE

| Issue | Description |
| --- | --- |
| CPATR-19305 | Fixed an issue where corruption of internal files may lead to agent instability. |
| CPATR-19140 | Fixed an issue where causality termination did not detect the source process correctly. |
| CPATR-19009 (Windows) | Fixed an issue where a Windows function registry key was incorrectly created, which led to the creation of empty user profiles, resulting in a compatibility issue with SCCM deployment. |
| CPATR-18979 (Windows) | Fixed an issue with driver unload on Windows 11 22H2 where the endpoint may come to a halt. |
| CPATR-18967 (macOS) | Fixed an issue where running uninstaller.sh may lead to slowness in external apps. |
| CPATR-18856 | In Citrix App Layering, Cortex XDR from version 7.9.1 supports content update regardless of the agent installation type. |
| CPATR-18853 (Windows) | Fixed an issue of incorrect domain name extraction in Windows endpoints. |
| CPATR-18847 (Linux) | Fixed an issue where, when running on the aarch64 architecture, the agent showed as partially protected. |
| CPATR-18797 (macOS) | Fixed an issue where the cytool startup command didn't work as expected and required the user to first stop the agent's services. |
| CPATR-18757 (iOS) | Fixed an issue where the Cortex XDR icon was cropped during registration. |
| CPATR-18754 (Windows) | Fixed an issue where the agent console may have become unavailable due to a file load conflict. |
| CPATR-18628 (Linux) | Fixed a potential deadlock that could occur during the MMAP hook. |
| CPATR-18625 (VDI Windows) | Fixed an issue where the Microsoft Signature check in VDIs may impact boot time. |
| CPATR-18608 (Linux) | Fixed an issue where a scheduled scan runs incorrectly if a manual scan is triggered. |
| CPATR-18580 (Windows) | Fixed an issue that occurred when virtual USB devices were removed. |
| CPATR-18342 (Windows) | Fixed an issue on Windows-based Cortex XDR agents where the Java Deserialization Protection (JDP) module was activated on incompatible Java processes that were executed early during system boot. |
| CPATR-18374 | Fixed an issue where multiple agents begin uploading at once, which may lead to overload and too many request errors. |
| CPATR-18332 | Fixed an issue of a redundant Check-In operation during VDI session registration. |
| CPATR-18314 | Fixed an issue where the virtual memory count is the same in every collection. |
| CPATR-18185 | Fixed an issue of data corruption caused by accumulation of large amounts of data. |
| CPATR-18172 | Fixed an issue which caused the audit log of a successful upgrade to be reported twice. |
| CPATR-18144 | Fixed an issue where the XDR Agent makes continuous attempts to write to the EDR directory, even when failing to read the directory's size. |
| CPATR-18115 | Fixed an issue where periodic network scans did not obtain operating system details due to incorrect reporting of the XDR Agent's network interface subnet mask. |
| CPATR-18108 | Fixed an issue which caused some services to start automatically in safe mode. |
| CPATR-18100 | Fixed an issue with the 'cytool import content' command which caused the command to fail. |
| CPATR-17994 | Fixed an issue where the Cortex XDR agent mishandled preventions when the allowlist exceeded a certain size. |
| CPATR-17886 | Fixed an issue where the Cortex XDR agent sometimes caused a deadlock in the Java application during native library load. |
| CPATR-17814 | Fixed an issue which caused threat intel log errors when the IOC feature is disabled. |
| CPATR-17807 (Windows) | Fixed an issue where missing or invalid timezone key strings prevented the XDR Agent from running scripts. |
| CPATR-17458 | Fixed an issue which prevented the resolution of DNS requests in queries. |
| CPATR-16542 | Fixed an issue where the XDR Agent may not parse the proxies list successfully, and continues to use incorrect proxies. |
| CPATR-16452 | Fixed an issue which caused the wrong location to be returned by DNS queries. |
| CPATR-15809 (Windows) | Fixed an issue which made the XDR Agent use the endpoint's DNS suffix instead of the actual domain name. |
| CPATR-10830 | Fixed an issue where the alert of a post detection termination event of multiple processes or applications does not list the process/application name. |