🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis™ Agent Known Issues

Windows

Important

If you are experiencing a problem with Advanced Kernel Telemetry, one troubleshooting step to try is to uninstall third-party security products to triage and gather logs to help trace the issue to the root cause. This would be a temporary step to help isolate the issue so that the team can identify a fix.

Compatibility issues are often a result of multiple security products using the same points to hook into the operating system, causing conflicts with operations. Secureworks may need to work with the third-party vendor or others to identify and resolve the conflict.

Version 1.2.x and 2.x.x Compatibility Issues

The Windows Taegis™ Endpoint Agent version 1.2.x and later introduces more instrumentation that raises the chances of conflicts with other products, specifically security products. The following sections serve to increase transparency about our compatibility:

Tested Compatible

What we’ve tested directly that works:

Telemetry Evidence of Compatibility

What we have evidence of running without issue based upon XDR telemetry in the Secureworks® back end:

Known Incompatible

What we have confirmed have compatibility issues:

Note

Disabling Advanced Kernel Telemetry may enable you to troubleshoot interoperability issues resulting in BSOD or machines becoming inoperable. For more information, see Advanced Kernel Telemetry.

Likely Conflict

What we believe likely have issues based upon reports from the field:

Version 2.0.0 Remote Uninstall Issue

Remote uninstall of the Taegis™ Endpoint Agent version 2.0.0 is not consistently working.

Version 1.2.82 Configured Proxy Failure

For the Windows Taegis™ Endpoint Agent version 1.2.82, agent does not have a fallback for communications when connectivity via configured proxy fails.

Version 1.2.44 File Copy Performance Degradation

For the Windows Taegis™ Endpoint Agent version 1.2.44, file copy from hosts with agent installed degrades performance in some instances. This is resolved in Windows Taegis™ Endpoint Agent version 1.2.84 and later.

Connectivity Issue Caused by Windows Security Update

Microsoft has issued an out-of-band (OOB) non-security update to address an issue caused by the October 2022 Windows security updates that triggers SSL/TLS handshake failures on client and server platforms.

From Windows: "We fixed an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to send multiple frames followed by a partial frame with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, SEC_E_ILLEGAL_MESSAGE."

This issue has been found on the following releases and Windows has recommended the following OOB updates.

Release Out-of-Band Update Link
Windows 10 KB5020435 Microsoft Update Catalog
Windows 11 KB5020387 Microsoft Update Catalog
Server 2016 KB5020439 Microsoft Update Catalog
Server 2019 KB5020438 Microsoft Update Catalog
Server 2022 KB5020436 Microsoft Update Catalog

If you are having connectivity or any other issues, please reach out to our product support team via the chat functionality in Taegis™ XDR.

Veeam Backup and Recovery, Server, and DC Environments Known Conflict

The Taegis™ Endpoint Agent for Windows version 1.0.24 or older release running on a Windows Server with Veeam backup may cause performance degradation, system crashes, or reboots, depending on the number of jobs being run. The issue has been resolved for most environments by installing Taegis™ Endpoint Agent version 1.0.26 and assigning these server endpoints to a Server Tier group policy with the following instructions:

We do not recommend running older versions of the Taegis™ Endpoint Agent with Veeam Backup and Recovery on a Windows Server.

macOS

1.4.9

Linux

RHEL Kernel CVE Link Notes
RHEL8, kernel: 4.18.0-305.76.1.el8_4.x86_64 https://access.redhat.com/errata/RHSA-2023:0531 Although this references an rt kernel, we believe it affects all kernels of this version
RHEL8, kernel: 4.18.0-193.98.1.el8_2.x86_64 https://access.redhat.com/errata/RHSA-2023:0395
RHEL9, kernel: 5.14.0-70.43.1.el9_0.x86_64 https://access.redhat.com/errata/RHSA-2023:0526 Although this references an rt kernel, we believe it affects all kernels of this version

 

On this page: