XDR Deployment – Version 8.6 Not Showing Up

chickenriceandbeans · ‎02-26-2026

Hi,

Why is the new 8.6 version not visible in the XDR deployment section? I can see it in the Secure Endpoint interface and I’m able to activate it in my test policies.

I am planning to create a new deployment package, but the 8.6 version does not appear as an available option.

Kind regards,

Roman Valenta · ‎02-26-2026

This is because XDR is pulling data from different place in the cloud and it usually takes few days to populate the new versions through out the cloud. In other words XDR will get the newest version update later.

You will always see the new release first in the dedicated portal, in your case SE Portal or software.cisco.com.

Also any special or custom releases now I'm talking about Secure Endpoint that will be activated for your ORG as part of troubleshooting for example will also not show in XDR under deployment. Only actual GA version will show in XDR.

Ken Stieers · ‎02-26-2026

Hey Roman...

Is that documented anywhere? Might need to go into XDR docs/faq?

Ken

Roman Valenta · ‎02-26-2026

Hi Ken,

No this is not unfortunately documented anywhere. It's basically due to the nature how XDR deployment is created on the back end when you built one and because of that it has to go through separate "burn-in" process

SE will request from XDR to merge the connectors (or EVEM, AC, etc.) and to be added to the catalogue once its done XDR Engineering needs to test the new modules to make sure they pull in correctly and then it gets published to XDR. From what I seen the whole process usually takes about week +- couple days. For the 8.6.0 since is already Thursday I would expect to show up early next week. I think it was submitted recently since the deployment went in on Tuesday.

Hope this helps...

Roman Valenta · ‎03-02-2026

Just to finalize this thread. The Secure Endpoint is now available in XDR.

chickenriceandbeans · ‎03-02-2026

In XDR, I had selected 8.5.0 in Custom Deploy. When 8.6.0 was released, all groups automatically moved to 8.6.0.

Why did this happen?

This is something I always do — I explicitly select the version and I know exactly what I choose. But suddenly all my packages were upgraded to 8.6.0 without me changing anything.

Roman Valenta · ‎03-03-2026

When you say explicitly I would assume that under Version Control you see just the version alone like in this picture.

If that's the case please open TAC case so we can investigate.

However if you see anything like this picture where the version has prefix Latest

That settings means that you want to be on the latest release the moment its released in the production automatically and this is very much expected. Me personally I would not recommend this setting for anything major like Secure Client aka Anyconnect or Secure Endpoint. Actually the only one that I will leave like that is Cloud Management the rest I would ensure is on version only without prefix Latest

chickenriceandbeans · ‎03-03-2026

I had already selected a specific version — the latest available at that time was 8.5.0.

Despite that, it still upgraded to 8.6.0. I did not select anything like “Latest” or enable automatic upgrade to the newest release.

Maybe the interface needs to be improved. When I see “Latest” and click on it, I would expect it to install the version that is currently the latest at that moment. For example, today 8.5.0 is the latest for me — tomorrow 8.6.0 becomes the latest — but I may still want to stay on 8.5.0.

Roman Valenta · ‎03-03-2026

Again Latest 8.5.0 is different than 8.5.0 the word Latest is a variable... in other words if latest today is 8.5.0 but over night we add 8.6.0 the policy with Latest 8.5.0 upgrade simply because Latest is no longer 8.5.0 but 8.6.0 and you will upgrade because that's what Latest means and this is expected ... if you don't want this to happened don't select Latest and select static version (NUMBER ONLY) if you you do not want to auto-update. There will be ALWAYS two latest version available in the drop down menu.

Latest (8.6.0.305781) -- > will auto change to the next latest once released
8.6.0.305781 ---------- > will stay on 8.6.0 regardless which version is latest

This setting is not the same

as this

The first setting means if we release 8.7.0 it will auto-update to 8.7.0 the second picture will stay on 8.6.0 until you make the change and save the deployment manually. Again two completely different settings even if both have same connector currently listed.

If you had selected under Version Control 8.5.0 and not Latest 8.5.0 and it did update open TAC case and submit logs we will be able to determine what was selected and if there was any issue. I just check my ORG where I was on 8.5.0 and it didn't update .

chickenriceandbeans · ‎03-03-2026

Thanks for the clarification. I now understand the difference between Latest (variable) and the static version number.

What caused the confusion for me was mainly the UI layout. The static version numbers are listed at the bottom of the list, while the Latest option appears at the top with the same version number. When someone sees Latest 8.5.0, it is very easy to assume that it simply means the current latest 8.5.0 build, not that it is actually a dynamic variable that will automatically move to the next release.

In other words, the interface makes it look like both options represent the same thing, even though their behavior is completely different.

I later noticed that the static versions are available further down in the list, but the placement makes this easy to miss. From a usability perspective it might be clearer if:

• Static versions (number only) were displayed at the top
• The Latest option was visually separated or placed in a different section
• Or a toggle such as “Always use latest version” was used instead of mixing it with fixed versions

I also created a small example UI design below to illustrate how this could be presented in a clearer way.

I believe this kind of layout would reduce confusion, because the current interface can easily lead administrators to unintentionally select a dynamic version instead of a fixed one.

Thanks again for explaining the behavior.

I designed an example interface concept. In my opinion, Cisco should definitely implement something like this, because I believe there are at least thousands of people around the world experiencing the same confusion. The current behavior is quite misleading, and I think it’s very important that the UI design is clearer and more intuitive.

If I want automatic updates, I should simply be able to click a button like “Always Use Latest Version”, and then the system would always update to the newest release automatically.

Another thing that feels strange is that version control exists in two different places: one in the package configuration and another in the Secure Endpoint policy. Why are there two separate controls for the same thing? In my opinion, version management should be handled from a single place.

For example, if I set the policy to 8.5, but the package version is 8.6, the system should not allow that configuration. Policies should either always be managed from Secure Endpoint or from one single centralized location, to avoid conflicting settings.

Roman Valenta · ‎03-05-2026

Glad that we are now on same page. 😉

As far for you proposal I completely get the point and trust me you are not the only one who made that mistake and probably not the last one. For me from the security stand point ... I'm more of "Balanced Model" guy rather then "Security over Productivity" model so before I update I usually give the new upgrade/update some burn time in the filed to see if any major bug resurface:-)

As far for your product request two things you can do.

#1: Open a TAC case and request to file feature request based on your feedback. These are tracked internally by proper Developers teams .

#2: Talk to your account team and let them file the FR for you.

Both are totally acceptable methods how to make your voice heard.