Cortex XDR Supported Kernel Module Versions by Distribution - Compatibility Matrix - Cortex XDR - Cortex - Cortex XDR - Security Operations

Cortex XDR Compatibility Matrix

Product
Cortex XDR
Creation date
2024-01-18
Last date published
2024-06-03
Category
Compatibility Matrix
Abstract

To enable full endpoint protection features on Linux endpoints, you must use a supported Linux Kernel version.

On Linux endpoints, to perform malware analysis of Executable and Linkable Format (ELF) files and collect data for endpoint detection and response (EDR) and behavioral threat analysis, the Cortex XDR agent requires a Linux Kernel module.

If you deploy the Cortex XDR agent on a Linux server that is not running one of the Kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode, where:

  • Continuous event monitoring required for Behavioral Threat Protection is disabled.

  • Sharing endpoint activity data with Cortex apps is disabled.

  • The Local Privilege Escalation Protection module is disabled.

  • Alert indicators, such as file path or hash, can be missing for processes with a very short lifespan.

  • ELF file examination occurs in parallel with the file execution. If the Cortex XDR agent obtains a malware verdict for the file, it terminates the file execution. Security events for malware in asynchronous mode are assigned a high severity due to the potential for continued execution during the verdict request (security events in synchronous mode are medium severity).

  • Since Cortex XDR agent 7.5, Reverse Shell protection is disabled.

  • All other exploit and malware protection is enabled per your Linux Security policy rules.

Caution

To deploy on a supported Kernel version, you must ensure it is possible to load third party Kernel modules. To do so, you can either:

  • Disable UEFI SecureBoot.

  • If UEFI SecureBoot is enabled, you must load the Cortex XDR certificate.

To load the certificate, follow the instructions detailed in Cortex XDR Agent Administrator GuideCortex XDR Agent for LinuxInstall the Cortex XDR Agent for LinuxLoad SecureBoot Certificates.

Changes to the Kernel module versions are distributed with content updates. For earlier Cortex XDR agent releases, changes to the kernel module versions are distributed with the agent releases.

Latest Kernel Module Versions Supported

Here are the latest Kernel Module Version.