Cortex XDR supported Kernel Module versions by distribution - To enable full endpoint protection features on Linux endpoints, you must use a supported Linux Kernel version. - Administrator Guide - 8.9 - Cortex XDR Agent - Cortex XDR - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR Agent Administrator Guide
Product
Cortex XDR Agent
Cortex XDR
Version
8.9
Creation date
2025-07-19
Last date published
2025-12-31
Category
Administrator Guide
Abstract

To enable full endpoint protection features on Linux endpoints, you must use a supported Linux Kernel version.

On Linux endpoints, to perform malware analysis of Executable and Linkable Format (ELF) files and collect data for endpoint detection and response (EDR) and behavioral threat analysis, the Cortex XDR agent requires a Linux Kernel module.

Caution

To deploy on a supported Kernel version, you must ensure it is possible to load third party Kernel modules. To do so, you can either:

  • Disable UEFI SecureBoot.

  • If UEFI SecureBoot is enabled, you must load the Cortex XDR certificate.

To load the certificate, follow the instructions detailed in Cortex XDR Agent Administrator GuideCortex XDR Agent for LinuxInstall the Cortex XDR Agent for LinuxLoad SecureBoot Certificates.

Changes to the Kernel module versions are distributed with content updates. For earlier Cortex XDR agent releases, changes to the kernel module versions are distributed with the agent releases.

Latest Kernel Module versions supported

See the latest Kernel Module versions that are supported.