Cortex XDR agent known issues - See the list of the known issues in Cortex XDR agent 8.7. - Release Notes - 8.7 - Cortex XDR Agent - Cortex XDR - Advanced Endpoint Protection - Security Operations

Cortex XDR Agent Release Notes

Product: Cortex XDR Agent; Cortex XDR
Version: 8.7
Creation date: 2024-12-10
Last date published: 2025-07-03
Category: Release Notes

Abstract

See the list of the known issues in Cortex XDR agent 8.7.

The following table describes known issues in the Cortex XDR agent 8.7 release.

Issue	Limitation
CPATR‑11752	Cortex XDR inaccurately reports post-detection events for DMG files as post-detection events for executables.
CPATR-18568	[Linux] On some occasions, when a container is a short-lived container (exits within a short period of time) retrieval of the container information is not guaranteed.
Device control	When enabling Device Control protection for the first time, some devices that are already connected (or paired in case of Bluetooth) to the machine will not be immediately affected by the change. The profile change will affect the connected device after one of the following occurs: Disconnect and reconnect the device A computer restart In case of Bluetooth: Toggle the Bluetooth off and on, or manually unpair the device.
Linux Kubernetes Platform, TalOS	When using TalOS, note the following: Collect insights and compliance collection are disabled. Live Terminal startup location is inside the agent pod and not on the host. All the server and user script execution initial working directories are inside the agent pod.
SELinux	When installing Cortex XDR agent on a system with SELinux enabled, a custom install directory cannot be used.
VA scanning engine	When using the Vulnerability Assessment engine, note the following issues: In some cases, the reported application version may be missing or incomplete. Applications installed for specific users will not be scanned. During a scan, memory spikes may occur.