Taegis Endpoint Agent Known Issues
Windows
Important
If you are experiencing a problem with Advanced Kernel Telemetry, one troubleshooting step to try is to uninstall third-party security products to triage and gather logs to help trace the issue to the root cause. This would be a temporary step to help isolate the issue so that the team can identify a fix.
Compatibility issues are often a result of multiple security products using the same points to hook into the operating system, causing conflicts with operations. Secureworks may need to work with the third-party vendor or others to identify and resolve the conflict.
Version 1.2.x and 2.x.x Compatibility Issues
Windows Taegis Endpoint Agent versions 1.2.x and later introduce more instrumentation, which raises the chances of conflicts with other products, specifically security products. The following sections serve to increase transparency about our compatibility:
Tested Compatible
What we’ve tested directly that works:
- Bitdefender
- Windows Defender
- CrowdStrike
Telemetry Evidence of Compatibility
What we have evidence of running without issue based upon Secureworks® Taegis™ XDR telemetry in the Secureworks® back end:
- Qualys Agent
- Sophos File Scanner
- Sophos Network Threat Protection
- zScaler
- Lansweeper
- Confer (Carbon Black Defense)
- Checkpoint Endpoint Security
- SentinelOne
Known Incompatible
What we have confirmed to have compatibility issues:
- Forcepoint Websense
- Palo Alto Cortex XDR
- 64-bit Firefox running on computers with Windows Defender enabled in some configurations
Note
Disabling Advanced Kernel Telemetry may enable you to troubleshoot interoperability issues resulting in BSOD or machines becoming inoperable. For more information, see Advanced Kernel Telemetry.
Likely Conflict
What we believe is likely to have issues, based upon reports from the field:
- Windows Remote Desktop Protocol enabled
- CylancePROTECT
- Siemens PLC software
- Siemens STEP 7
- Siemens PLC SCADA
Version 2.0.4 Remote Uninstall Issue
Remote uninstall of the Taegis™ XDR Endpoint Agent version 2.0.4 is not consistently working.
Version 1.2.84 Intermittent Connectivity Issue
Intermittent network connectivity issues may occur with version 1.2.84 when running patches KB5035854, KB5035853, KB5035853, and KB5035845.
Version 1.2.82 Configured Proxy Failure
For the Windows Taegis Endpoint Agent version 1.2.82, the agent does not have a fallback for communications when connectivity via the configured proxy fails.
Version 1.2.44 File Copy Performance Degradation
For the Windows Taegis Endpoint Agent version 1.2.44, file copy performance from hosts with the agent installed is degraded in some instances. This is resolved in Windows Taegis Endpoint Agent version 1.2.84 and later.
Connectivity Issue Caused by Windows Security Update
Microsoft has issued an out-of-band (OOB) non-security update to address an issue caused by the October 2022 Windows security updates that triggers SSL/TLS handshake failures on client and server platforms.
From Windows: "We fixed an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to send multiple frames followed by a partial frame with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, SEC_E_ILLEGAL_MESSAGE."
This issue has been found on the following releases and Windows has recommended the following OOB updates.
Release | Out-of-Band Update | Link |
---|---|---|
Windows 10 | KB5020435 | Microsoft Update Catalog |
Windows 11 | KB5020387 | Microsoft Update Catalog |
Server 2016 | KB5020439 | Microsoft Update Catalog |
Server 2019 | KB5020438 | Microsoft Update Catalog |
Server 2022 | KB5020436 | Microsoft Update Catalog |
If you are having connectivity or any other issues, please reach out to our product support team via the chat functionality in XDR.
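The buffer shape described in the quoted Microsoft note can be checked for when triaging a captured receive buffer. This is an added example, not code from Secureworks or Microsoft; it assumes "frame" means a TLS record with its standard 5-byte header, and the function names and sample buffers are constructed for illustration.

```python
import struct

TLS_HEADER_LEN = 5  # content type (1 byte) + protocol version (2) + length (2)


def make_record(content_type: int, payload: bytes, version: int = 0x0303) -> bytes:
    """Build one TLS record (constructed test data, not real traffic)."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload


def split_tls_records(buf: bytes):
    """Walk one receive buffer and return (complete_records, leftover_bytes)."""
    records, offset = [], 0
    while len(buf) - offset >= TLS_HEADER_LEN:
        ctype, version, length = struct.unpack_from("!BHH", buf, offset)
        end = offset + TLS_HEADER_LEN + length
        if end > len(buf):
            break  # full header present, record body still incomplete
        records.append((ctype, version, buf[offset + TLS_HEADER_LEN:end]))
        offset = end
    return records, buf[offset:]


def matches_advisory_pattern(buf: bytes) -> bool:
    """True for several complete records followed by a fragment under 5 bytes."""
    records, leftover = split_tls_records(buf)
    return len(records) >= 2 and 0 < len(leftover) < TLS_HEADER_LEN


# Constructed sample buffers: handshake (22) and application data (23) records.
R1 = make_record(22, b"\x01" * 10)
R2 = make_record(23, b"\x02" * 20)
R3 = make_record(23, b"\x03" * 8)
SAMPLES = {
    "multiple records + 3-byte fragment": R1 + R2 + R3[:3],
    "multiple records, nothing left over": R1 + R2,
    "multiple records + 7-byte fragment": R1 + R2 + R3[:7],
    "single record + 2-byte fragment": R1 + R3[:2],
}

if __name__ == "__main__":
    for label, buf in SAMPLES.items():
        records, leftover = split_tls_records(buf)
        print(f"{label}: records={len(records)} leftover={len(leftover)} "
              f"match={matches_advisory_pattern(buf)}")
```

Only the first sample matches: the trailing fragment is too short to contain a full record header, which is the condition the note associates with SEC_E_ILLEGAL_MESSAGE on unpatched systems.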
Veeam Backup and Recovery, Server, and DC Environments Known Conflict
The Taegis Endpoint Agent for Windows version 1.0.24 or older running on a Windows Server with Veeam backup may cause performance degradation, system crashes, or reboots, depending on the number of jobs being run. The issue has been resolved for most environments by installing Taegis Endpoint Agent version 1.0.26 and assigning these server endpoints to a Server Tier group policy with the following instructions:
- For new installations or reinstalling, create a new group with the Server Tier if needed, and use the group registration key during installation.
- For agents already installed, create a new group with the Server Tier if needed, and reassign agents to that group.
We do not recommend running older versions of the Taegis Endpoint Agent with Veeam Backup and Recovery on a Windows Server.
macOS
1.4.9
- Tray and App no longer write to /Library/Logs/, view using unified logger. This is a minor issue, as we rarely need to consult these logs for diagnosis.
- Troubleshoot diagnostics may show errors for MDM configuration if settings are not in standard profiles.
Linux
- Secure Boot does not work on CentOS.
- Secure Boot does not work on RHEL.
- Unable to support the following RHEL kernels for CVEs. RHEL removed these kernels from package distribution, so we cannot pull in the kernel source to compile drivers. If you are on these kernels, we recommend you update as soon as possible.
RHEL Kernel | CVE Link | Notes |
---|---|---|
RHEL8, kernel: 4.18.0-305.76.1.el8_4.x86_64 | https://access.redhat.com/errata/RHSA-2023:0531 | Although this references an rt kernel, we believe it affects all kernels of this version |
RHEL8, kernel: 4.18.0-193.98.1.el8_2.x86_64 | https://access.redhat.com/errata/RHSA-2023:0395 | |
RHEL9, kernel: 5.14.0-70.43.1.el9_0.x86_64 | https://access.redhat.com/errata/RHSA-2023:0526 | Although this references an rt kernel, we believe it affects all kernels of this version |
- No support for Secure Boot for CentOS and RHEL 7 for agent versions <1.1.