On macOS devices with Apple silicon processors such as M1, desktop pop-up notifications are not appearing when Aurora Focus detections are triggered and reported to the console. (AED-5737)

If you are using a proxy application and the device is partially locked down, the agent could not communicate with the Aurora Endpoint Defense cloud and runs in offline mode. (EDR-21681)

When using Aurora Focus with vulnerability scanners such as Rapid7, during the vulnerability scan, the Focus Agent uses more CPU than expected when processing exclusions. (EDR-21660)

Proxy configuration through the Windows OS settings is not a supported configuration method, even though it may have behaved properly with Aurora Focus Agent 3.3 and earlier. Starting with Aurora Focus Agent 3.4, you must configure the proxy settings using the Aurora Protect registry key. (EDR-21506).

On some devices running Windows 10 or Windows Server 2019, the process handle count for the Focus Agent is sometimes higher than expected. (EDR-21189, EDR-20619)

Sometimes when upgrading or downgrading from Aurora Focus Agent version 3.3, the update might be attempted before the device is ready and all agent processes are shutdown. The rollbacks are unsuccessful, leaving Aurora Focus non-functional. (EDR-21236)

While loading file signatures the Aurora Focus agent locks the files, preventing other applications from modifying the file. (AED-4290)

Workaround: Create a detection exception in the console.

The Aurora Focus agent for Linux version 3.3 may return higher degradation than expected for nginx performance. (EDR-20098)

If you send the "Cylance - Browser History" package to Aurora Focus devices, the data collection does not work on macOS or Linux devices that have the Chrome or Safari browser open. (EDR-18709)

Workaround: Instruct device users to close the browser session and send the package again.

The Aurora Focus agent version 3.3 added support for the Aurora Focus network sensor on Linux operating systems. Older distributions such as RHEL/CentOS 7.9 and earlier or OracleLinux Server (non-UEK) 7.9 and earlier that use kernels prior to 4.4 will not record IGMP or DNS. (EDR-17963, EDR-17964)

Due to a defect in macOS Ventura 13.0.0, if the Aurora Focus agent is installed on a device with macOS 13.0.0 or an Aurora Focus device is upgraded to macOS 13.0.0, the Aurora Focus agent may not be able to detect events. (EDR-14879)

Workaround: To prevent this issue from occurring, install the agent on macOS Ventura 13.0.1 or later or upgrade directly to macOS Ventura 13.0.1 or later instead of 13.0.0. If you upgrade from 13.0.0 to 13.0.1 or later, remove the agent and install it again. If installing on 13.0.1 or later or upgrading to 13.0.1 or later is not possible at this time, remove full disk access for CyOptics and CyOpticsESFLoader then add full disk access for both again and restart the device.

(EDR-11155)

When you try to unlock a partially locked device from the management console, it may not unlock as expected. This issue occurs intermittently. (EDRCLO-224, EDR-9690)

Workaround: Wait five minutes and then try to unlock the device again from the management console (Select Action > Unlock device), or use the unlock key.

The refract package for browser history that is available in the management console does not collect the expected data on Linux devices. (EDR-6917)