07-31-2024 04:11 AM
Hi, we are experiencing issues with Cortex XDR agent version 8.5 on our PrintServer.
We had agents running version 8.4.0 without any errors, but after upgrading to version 8.5, we started encountering printing problems on the servers.
The error is:
Faulting application name: spoolsv.exe, version: 10.0.20348.2520, time stamp: 0xf42f642e
Faulting module name: cyvrtrap.dll, version: 8.5.0.624, time stamp: 0x667afdda
Exception code: 0xc0000005
Fault offset: 0x00000000000175d1
Faulting process id: 0x918
Faulting application start time: 0x01dae31a6de2d7f5
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\System32\cyvrtrap.dll
Report Id: bf90e8c4-a947-4847-9edd-48c6706ab41d
Faulting package full name:
Faulting package-relative application ID:
Description
Faulting Application Path: C:\Windows\System32\spoolsv.exe
Problem signature
Problem Event Name: APPCRASH
Application Name: spoolsv.exe
Application Version: 10.0.20348.2520
Application Timestamp: f42f642e
Fault Module Name: cyvrtrap.dll
Fault Module Version: 8.5.0.624
Fault Module Timestamp: 667afdda
Exception Code: c0000005
Exception Offset: 00000000000175d1
OS Version: 10.0.20348.2.0.0.272.7
Locale ID: 2070
Additional Information 1: a05f
Additional Information 2: a05f0e1b979524cc3cc963c0ea8f0464
Additional Information 3: ee13
Additional Information 4: ee13297de7379ae6d761eff553d5237f
In the Cortex portal, we don't see any blocks or alerts. However, this issue only occurs with version 8.5 on our various print servers.
Right now, I have downgraded to version 8.4, and everything works.
The problem is only on version 8.5.0. Does anyone have the same issue?
07-31-2024 05:09 AM
Hi @tlmarques, thanks for reaching us using the Live Community.
The 8.5 Agent version adds a device control option to manage Print Jobs. Details here in Feature Enhancements: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Release-Notes/June-2024
Please open a TAC case to investigate further.
If this post answers your question, please mark it as the solution.
07-31-2024 06:08 AM
OK, but is this option on by default, or do we need to configure something on the agent/malware profiles?
07-31-2024 06:29 AM
By default this is disabled, and to enable it you need to assign an Extensions Profile with the required settings. But anyway, the agent may be loading the component to work with this feature and might be causing an issue on your server; that's why I recommend that you open a support case.
07-31-2024 06:42 AM
I don't use the Extensions Profile, but you might be right. The agent could be loading the component to work with this feature, which might be causing an issue on the server.
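Added example, not part of the thread and not vendor code: a small Python parser for the "Application Error" text quoted in the first post. It groups spoolsv.exe crashes by faulting module, module version, exception code and fault offset, so the evidence for a support case shows whether every crash shares one signature. The function names and the second sample event are constructed for illustration.

```python
import re
from collections import Counter

# Labels as they appear in the Application Error text quoted in the post.
LINE_RE = re.compile(
    r"^(Faulting application name|Faulting module name|Exception code|Fault offset)"
    r":[ \t]*(.+?)[ \t\r]*$",
    re.MULTILINE)
NAME_RE = re.compile(r"([^,]+), version: ([^,]+), time stamp: (\S+)")

def parse_event(text):
    """Parse one event message into a dict; fields not present are left out."""
    rec = {}
    for label, value in LINE_RE.findall(text):
        if label.endswith("name"):
            m = NAME_RE.match(value)
            if m:
                key = "app" if "application" in label else "module"
                rec[key] = m.group(1).strip().lower()
                rec[key + "_version"] = m.group(2).strip()
        else:
            key = "code" if label == "Exception code" else "offset"
            rec[key] = int(value, 16)  # int() accepts the 0x prefix with base 16
    return rec

def crash_signatures(events, app="spoolsv.exe"):
    """Count crashes of `app` by (module, module version, code, offset)."""
    sigs = Counter()
    for text in events:
        r = parse_event(text)
        if r.get("app") == app and "module" in r:
            sigs[(r["module"], r["module_version"], r.get("code"), r.get("offset"))] += 1
    return sigs

# POSTED: lines quoted in the first post. CONSTRUCTED: made-up event for contrast.
POSTED = """Faulting application name: spoolsv.exe, version: 10.0.20348.2520, time stamp: 0xf42f642e
Faulting module name: cyvrtrap.dll, version: 8.5.0.624, time stamp: 0x667afdda
Exception code: 0xc0000005
Fault offset: 0x00000000000175d1
Faulting application start time: 0x01dae31a6de2d7f5
Faulting module path: C:\\Windows\\System32\\cyvrtrap.dll"""
CONSTRUCTED = """Faulting application name: example.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: example.dll, version: 1.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000001000"""

if __name__ == "__main__":
    for (mod, ver, code, off), n in crash_signatures([POSTED, POSTED, CONSTRUCTED]).items():
        print(f"{n}x {mod} {ver} code={code:#x} offset={off:#x}")
```

A single signature that repeats at the same fault offset across servers points to one defect in that module build rather than to per-host configuration.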