macOS Network Filter limited to no more than one active network service on M1 Mac

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

macOS Network Filter limited to no more than one active network service on M1 Mac

L0 Member

Hi,

 

I'm an enduser of Cortex XDR. Recently my workstation was migrated from an Intel MacBook Pro to a M1. During the migration process, both workstations were on macOS Monterey 12.3.1.

 

I've discovered on the M1 that with the Cortex XDR network filter present in Network, I cannot have more than one network service active. Examples:

 

  • wifi and ethernet active. Ethernet is set to have higher priority than wifi. When both are active, network activity stops until I disable wifi, or ethernet. While both services are active, the Ethernet service has a self-assigned IP.
  • wifi and iPhone USB active. Similar situation, if both are active, network activity stops.

I do not see this behaviour on my previous Intel workstation. This behaviour goes away if I remove the Cortex XDR network filter, although it adds itself back and I get a persistent prompt to allow it to filter network activity.

 

I would like a way to report this issue to support but cannot use the support portal. Please advise on alternate ways to report this issue. Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

L1 Bithead

Hi Everyone, an update to what @bbarmanroy said. 
This indeed appears to be a known issue caused due to Apple's framework bug found in MacOS systems 10.15 and later.

Since the bug is in Apple's framework, the issue can only be fixed by Apple but we have a workaround for Cortex XDR. Agent versions 7.7 and later with Content Version 450 and later should be able to mitigate these issues.

Nevertheless, if this does not resolve the issue, please open a support ticket for a thorough analysis of the issue.

Improvise, Adapt, Overcome

View solution in original post

5 REPLIES 5

L2 Linker

@denis.wong 

Definitely support is the way to go so it can be track for investigation and enhancement if possible. 

Unfortunately, you need to have a standard support account, please reach out to your account super user/admin so you can be added to the account.

L5 Sessionator

This appears to be a known issue for certain Mac OSX endpoints and the issue seems to be a bug in OSX. Once you raise a support ticket, you should receive a support exception for OSX profiles. Your XDR administrator should apply that to the corresponding Mac OSX exceptions security profile for it to solve the issue on a tactical standpoint. 

L1 Bithead

Hi Everyone, an update to what @bbarmanroy said. 
This indeed appears to be a known issue caused due to Apple's framework bug found in MacOS systems 10.15 and later.

Since the bug is in Apple's framework, the issue can only be fixed by Apple but we have a workaround for Cortex XDR. Agent versions 7.7 and later with Content Version 450 and later should be able to mitigate these issues.

Nevertheless, if this does not resolve the issue, please open a support ticket for a thorough analysis of the issue.

Improvise, Adapt, Overcome

Thanks for this update! I can now confirm the issue has been resolved.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!