Endpoint - Cortex XSIAM

Cortex XSIAM 3.x Release Notes
Product
Cortex XSIAM
Last date published
2026-06-09
FEATURE DESCRIPTION

Secure Linux workloads with broader protection coverage

Prevent malicious activity on more Linux systems without requiring kernel-level access. We expanded Child Process Protection to support User Mode, ensuring your workloads stay secure even when kernel modules aren't available. This update provides broader coverage and simpler deployment for diverse Linux environments.

Block cross-platform threats on Linux instantly

Stop cross-platform threats the moment they land on your Linux systems. We expanded on-write protection to offer automatic scanning of ELF, PE, and Mach-O files. This prevents malicious binaries from being stored on your environment, regardless of their original operating system.

Block malicious USB device attacks on macOS

Protect your macOS systems from unauthorized hardware attacks and malicious USB devices. We launched the Malicious Device Prevention module to identify and block tools like the "USB Rubber Ducky" that exploit device trust to inject unauthorized keystrokes and similar actions. This update reduces your physical attack surface and prevents hardware-based social engineering threats from compromising your data.

Isolate compromised supervised iOS devices from the console

Stop potential threats from spreading by instantly cutting off network access for compromised supervised iOS devices with Network Shield enabled. You can now isolate supervised iPhones and iPads directly from the management console to block all unauthorized traffic. Your users will see clear notifications upon isolation activation, and on their lock and home screens while the device is in this secure state.

Amazon ECS EC2 agent installer

Expanded runtime protection for AWS ECS, EC2 workloads improves real-time defense against malware, exploits, and behavioral threats using the XDR agent to help teams stop attackers.

Simplify endpoint tag management

Organize your environment more efficiently. Using APIs, you can now maintain the available tag list by permanently removing unused endpoint tags from your system.