Cortex endpoint agent release

Please see the following Information Technology Services notice:

Date:  10/14/2021
Start Time: 5 pm
End Time: 5:30 pm

The following work is being completed:  Upgrade of the voluntary test group's Cortex endpoint security agents. Today the voluntary test group will be upgraded to version 7.5.1.

All affected groups:  Cortex voluntary test group

Duration of impact:  No impact is expected

All processes affected:  Palo Alto Networks has released version 7.5.1 of the Cortex XDR endpoint security agent for Windows, Linux, and macOS, together with new information about both new and existing agent versions.  Installation packages for WSU have been built and will be available for download by close of business on 15 October on the ISS early adoption SharePoint site.

New features introduced in Microsoft Windows 10 version 21H2 running on specific hardware architectures are incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0. To ensure continuous endpoint operations, the October 13 content pack update, version 210, introduces a check of the processor and operating system version that proactively disables the incompatible security engine in the Cortex XDR agent.  Content pack updates are delivered dynamically, so version 210 will install automatically across WSU without administrator action.

Recommendation:  For complete protection against endpoint attacks, upgrade affected systems to Cortex XDR agent 7.3.4 or higher, 7.4.1 or higher, or 7.5.0 or higher.

Affected Systems:

*           Cortex XDR agent version 7.2.1 – 7.3.3 and 7.4.0

*           Windows 10 version 20H2 (build 19042) and above

*           Intel Tiger Lake or AMD Zen-3 processors

While only Windows 10 version 21H2 and higher are incompatible, the Cortex XDR agent will also disable the affected security engine on Windows 10 version 20H2, because the engine must already be disabled before the in-place upgrade to Windows 10 version 21H2.
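The three criteria above (agent version, Windows build, processor generation) must all hold for the engine to be disabled, and the agent version also determines whether a host has reached one of the recommended fixed releases. The following triage helper is an added example, not Palo Alto Networks or WSU code: it classifies a constructed inventory of hosts against those criteria. The agent version and Windows build are taken as plain values; the processor is matched on the Win32_Processor Caption string ("Intel64 Family 6 Model 140 Stepping 1"), and the CPUID family/model ranges used to recognise Tiger Lake and Zen 3 are an assumption drawn from public CPUID documentation, not from the notice, so verify them against vendor references before relying on them.

```python
"""Triage hosts against the Cortex XDR agent / Windows 10 21H2 engine-disable notice.

Added example, not Palo Alto Networks or WSU code. Inputs are assumed to come from
an inventory export (agent version, Win32_OperatingSystem.BuildNumber,
Win32_Processor.Caption). The CPU family/model tables are an assumption.
"""
import re
from typing import Dict, List, Tuple

# Windows 10 20H2 is build 19042; the notice covers 20H2 and above.
MIN_AFFECTED_BUILD = 19042

# Assumed CPUID mapping (not from the notice; verify against vendor docs):
#   Tiger Lake  = Intel family 6, models 0x8C (mobile) / 0x8D (H-series)
#   Zen 3       = AMD family 0x19, model ranges Milan, Vermeer, Rembrandt, Cezanne
INTEL_TIGER_LAKE_MODELS = {0x8C, 0x8D}
AMD_ZEN3_MODEL_RANGES = [(0x00, 0x0F), (0x20, 0x2F), (0x40, 0x4F), (0x50, 0x5F)]

# Win32_Processor.Caption looks like "Intel64 Family 6 Model 140 Stepping 1".
CAPTION_RE = re.compile(r"(Intel64|AMD64|x86)\s+Family\s+(\d+)\s+Model\s+(\d+)", re.I)

Inventory = List[Tuple[str, str, int, str]]  # (host, agent_version, build, cpu_caption)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.3.2' into (7, 3, 2) so tuple comparison orders releases correctly."""
    return tuple(int(part) for part in version.split("."))


def agent_engine_affected(version: str) -> bool:
    """Affected agent releases per the notice: 7.2.1 - 7.3.3 and 7.4.0."""
    v = parse_version(version)
    return (7, 2, 1) <= v <= (7, 3, 3) or v == (7, 4, 0)


def agent_is_fixed(version: str) -> bool:
    """Recommended releases: 7.3.4+, 7.4.1+, or 7.5.0+ (each within its branch)."""
    v = parse_version(version)
    return ((7, 3, 4) <= v < (7, 4, 0)) or ((7, 4, 1) <= v < (7, 5, 0)) or v >= (7, 5, 0)


def cpu_affected(caption: str) -> bool:
    """True when the caption parses to an assumed Tiger Lake or Zen 3 family/model."""
    m = CAPTION_RE.search(caption)
    if not m:
        return False  # unparseable caption: do not guess, treat as not matched
    arch, family, model = m.group(1).lower(), int(m.group(2)), int(m.group(3))
    if arch in ("intel64", "x86") and "intel" in caption.lower() or arch == "intel64":
        return family == 6 and model in INTEL_TIGER_LAKE_MODELS
    if arch == "amd64":
        return family == 0x19 and any(lo <= model <= hi for lo, hi in AMD_ZEN3_MODEL_RANGES)
    return False


def classify(agent_version: str, build: int, cpu_caption: str) -> str:
    """Return a triage label for one host.

    engine-disabled : all three notice criteria hold; content pack 210 disables the engine
    upgrade-advised : agent is in the affected range but OS/CPU do not match
    ok              : agent is already on a recommended fixed release
    review          : agent is neither affected nor on a fixed release (e.g. pre-7.2.1)
    """
    if agent_is_fixed(agent_version):
        return "ok"
    if not agent_engine_affected(agent_version):
        return "review"
    if build >= MIN_AFFECTED_BUILD and cpu_affected(cpu_caption):
        return "engine-disabled"
    return "upgrade-advised"


def triage(inventory: Inventory) -> Dict[str, str]:
    """Classify every inventory row; returns host -> label."""
    return {host: classify(ver, build, cpu) for host, ver, build, cpu in inventory}


# Constructed sample inventory (hostnames and values are made up for illustration).
SAMPLE_INVENTORY: Inventory = [
    ("lab-tgl-01", "7.3.2", 19043, "Intel64 Family 6 Model 140 Stepping 1"),  # Tiger Lake, 21H1
    ("lab-zen3-02", "7.4.0", 19042, "AMD64 Family 25 Model 33 Stepping 0"),   # Vermeer, 20H2
    ("lab-1909-03", "7.3.3", 18363, "Intel64 Family 6 Model 140 Stepping 1"), # Tiger Lake, 1909
    ("lab-new-04", "7.5.1", 19044, "AMD64 Family 25 Model 80 Stepping 0"),    # Cezanne, upgraded
    ("lab-cfl-05", "7.3.0", 19044, "Intel64 Family 6 Model 158 Stepping 10"), # Coffee Lake, 21H2
]

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {label}")
```

Hosts labelled "engine-disabled" are the ones the Security Operations team would want to watch, since they run without synchronous BTP and Mimikatz credential-theft protections until the agent is upgraded. On a live Windows host the build and caption fields can be collected with `Get-CimInstance Win32_OperatingSystem` and `Get-CimInstance Win32_Processor`.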

Impact:  A subset of Cortex XDR Behavioral Threat Protection (BTP) rules, primarily synchronous BTP rules, will be automatically disabled on affected systems. In addition, synchronous protections against Mimikatz-based credential theft will be disabled, so affected hosts run with reduced behavioral and credential-theft coverage until the agent is upgraded to a recommended version.  The WSU Security Operations team will monitor these hosts and notify the responsible departments.

Follow-up steps customers need to take:  None

Contact:  Jim Walsborn 5-9776.