CylanceOPTICS release notes
What's new in CylanceOPTICS (January 2024)
Feature | Description |
---|---|
CylanceOPTICS agent versions | This release includes the new CylanceOPTICS agent for Windows version 3.3.2311.0. For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. |
Enhancements to the logic and methods that CylanceOPTICS uses to identify security threats | CylanceOPTICS 3.3 features significant enhancements to the underlying logic and methods that the CylanceOPTICS cloud services and the CylanceOPTICS agent use to identify security threats. These changes include:
|
New sensors | This release of the CylanceOPTICS agent adds three new optional sensors for Windows devices:
These sensors require the CylancePROTECT Desktop agent version 3.2 or later. For more information, see CylanceOPTICS optional sensors in the Cylance Endpoint Security Setup content. |
Data enrichment for Windows events | Previously, the CylanceOPTICS agent collected the Provider Name, Class, and Event ID facets for Windows Event artifacts. This release adds significant data collection enhancements for Windows Events, with the agent collecting the data defined in the EventData facet of the artifact (for example, this can include ObjectServer, PrivilegeList, Process ID, Process Name, Service, or other facets). For more information, see Data structures that CylanceOPTICS uses to identify threats in the Cylance Endpoint Security Setup content. |
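
The following added example (not BlackBerry code and not part of the original release notes) shows what the EventData section of a Windows event contains and why collecting it matters for triage: the provider name and event ID alone cannot distinguish a routine privileged call from one worth reviewing. The sample event is constructed, and the dictionary keys, the watched-privilege list, and the trusted path prefix are assumptions for illustration, not CylanceOPTICS facet names or rule logic.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample of Security event 4673; all values are made up.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4673</EventID>
  </System>
  <EventData>
    <Data Name="ObjectServer">Security</Data>
    <Data Name="Service">-</Data>
    <Data Name="PrivilegeList">SeTcbPrivilege
      SeDebugPrivilege</Data>
    <Data Name="ProcessId">0x1a2c</Data>
    <Data Name="ProcessName">C:\Users\Public\updater.exe</Data>
  </EventData>
</Event>"""

# Assumption for this example: privileges that warrant a second look.
WATCHED_PRIVILEGES = {"SeTcbPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"}


def parse_event(event_xml):
    """Return provider name, event ID, and the named EventData fields."""
    root = ET.fromstring(event_xml)
    data = {}
    for i, node in enumerate(root.findall("e:EventData/e:Data", NS)):
        # Some providers emit <Data> without a Name attribute; key those by position.
        data[node.get("Name") or f"Data{i}"] = (node.text or "").strip()
    return {
        "ProviderName": root.find("e:System/e:Provider", NS).get("Name"),
        "EventID": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "EventData": data,
    }


def review_privileged_call(event, trusted_prefix="c:\\windows\\"):
    """Flag a 4673 event when a watched privilege is used outside trusted_prefix."""
    if event["EventID"] != 4673:
        return None
    data = event["EventData"]
    used = WATCHED_PRIVILEGES & set(data.get("PrivilegeList", "").split())
    image = data.get("ProcessName", "")
    if not used or image.lower().startswith(trusted_prefix):
        return None
    return {"privileges": sorted(used), "image": image, "pid": int(data.get("ProcessId", "0"), 16)}
```
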
What's new in CylanceOPTICS (August 2023)
Feature | Description |
---|---|
Enhancements to advanced query | This release introduces the following enhancements to the advanced query feature in the management console:
For more information, see Create an advanced query in the Cylance Endpoint Security Administration content. |
What's new in CylanceOPTICS (April 2023)
Feature | Description |
---|---|
New audit log values for device lockdown configuration in syslog messages | The April update of the CylanceOPTICS cloud services adds new event name values to audit log messages that can be reported to SIEM solutions and syslog servers. The new Event Name fields are associated with the lockdown configuration feature:
For more information about audit log events, see the Cylance Syslog Guide. |
Lockdown configurations API | The Cylance User API now includes the lockdown configurations API. You can use this API to perform actions on partially locked devices, including:
For more information, see the Cylance User API Guide. |
Considerations when upgrading from CylanceOPTICS 2.5.x to 3.x
- For configuration requirements for macOS Big Sur (11.x) or Monterey (12.x), see the setup instructions in the Cylance Endpoint Security Setup Guide.
- If you do not set up a complete MDM profile for the CylanceOPTICS network extension on devices with macOS Big Sur (11.x) or later, data collection might not occur as expected. Verify that you satisfy the configuration requirements for MDM managed devices in the Cylance Endpoint Security Setup Guide.
- BlackBerry recommends installing the latest available version of the CylancePROTECT agent. For more information, see the CylanceOPTICS requirements.
- On macOS devices, after you upgrade the CylanceOPTICS agent you need to restart the device.
- On macOS Catalina, Mojave, and High Sierra devices with the Self Protection level set to LocalSystem, if you upgrade from CylanceOPTICS agent version 2.5.x to 3.x, the upgrade might not complete successfully. (EDR-7705) Workaround: Change the self protection level to LocalAdmin, then update the CylanceOPTICS agent.
- If you upgrade the CylanceOPTICS agent on a CentOS/RHEL 8.0 or 8.1 device, you must restart the device after the upgrade is complete. (EDR-6750)
- Upgrading the CylanceOPTICS agent on Linux from version 2.x to a newer version fails if Security-Enhanced Linux (SELinux) is enabled on the device. (EDR-6264) Workaround: Disable SELinux on the device before you upgrade the CylanceOPTICS agent and enable it again after the upgrade is complete.
- When upgrading the CylanceOPTICS agent on Windows, to avoid an issue with the CylanceOPTICS shutdown time taking longer than usual, disable the TDT sensor in the device policy and enable it again after the upgrade is complete. This issue does not occur if you upgrade from CylanceOPTICS agent version 2.5.3010 or from CylanceOPTICS agent 3.0 to a later version. (EDR-6058)