See the list of the known limitations in Cortex XDR agent 8.9.
The following table describes the known limitations in the Cortex XDR agent 8.9.
Issue | Limitation |
|---|---|
CPATR-18568 | [Linux] On some occasions, when a container is a short-lived container (exits within a short period of time) retrieval of the container information is not guaranteed. |
Custer-level scoping | Cluster name is currently not supported in Oracle Cloud, GCP, Azure and Openshift (any cloud). For these operating systems, use the node name instead. |
Device control | When enabling Device Control protection for the first time, some devices that are already connected (or paired in case of Bluetooth) to the machine will not be immediately affected by the change. The profile change will affect the connected device after one of the following occurs:
|
File Integrity Monitoring | [Linux] When using FIM, resolving image names is currently not supported on GKE. |
Linux Kubernetes Platform, TalOS | When using TalOS, note the following:
All the server and user script execution initial working directories are inside the agent pod. |
Live Terminal support | Live Terminal is currently not supported for pure IPv6 endpoints, on all platforms. Live Terminal will not be supported with GKE Autopilot. |
SELinux | When installing Cortex XDR agent on a system with SELinux enabled, a custom install directory cannot be used. |
SLES 15 | Installing Cortex XDR agent on SLES (SUSE Linux Enterprise) 15 with SELinux enabled is unsupported. |
VA scanning engine | When using the Vulnerability Assessment engine, note the following issues:
|