Skip Navigation

BlackBerry Optics
requirements

Agents

Agent
Requirements
Protect
agent
  • You must install the
    Protect
    agent on a device before you install the
    Optics
    agent. If you want to use a combined installer for both agents, see the Protect Desktop Installation Guide.
  • BlackBerry
    recommends installing the latest available version of the
    Protect
    agent. The
    Optics
    agent requires the following minimum versions of the
    Protect
    agent:
    • Windows
      : 2.1.1570.x
    • macOS
      : 2.1.1590.512 or later
    • Linux
      : 2.1.1570.x or 2.1.1580.x (due to a known issue,
      Protect
      agent 2.1.1574.x is not supported for use with the
      Optics
      agent for
      Linux
      .)
Optics
agent
  • Optics
    agent version 3.0 or later is required to support automatically storing collected data in the
    Optics
    cloud database. Earlier versions of the agent store
    Optics
    data in a local database on the device.
  • In
    Optics
    agent 3.0 and later, the data that is collected by the
    Optics
    sensors is cached locally before it is sent to the
    Optics
    cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached.
  • When you upgrade from version 2.x to 3.0 or later, the full contents of the
    Optics
    local database are uploaded to the cloud database in batches.
  • After you upgrade to version 3.0 or later, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.0, then install version 2.x.

Device OS

OS
Requirements
Required updates or configuration
Windows
Desktop
Windows
10 (32-bit, 64-bit)
  • 21H1
  • 20H2
  • 20H1
  • 19H2
  • v1903 (Redstone 6) and earlier
Windows
8.1 (32-bit, 64-bit)
Windows
7 SP1 (32-bit, 64-bit)
Windows Server
Windows Server
2019 (64-bit)
Windows Server
2016 (64-bit)
Windows Server
2012 R2 (64-bit)
Windows Server
2012 (64-bit)
Windows Server
2008 R2 (64-bit)
You must apply the Dec. 12, 2017 security update. For more information, see Microsoft KB4054518.
macOS
macOS
Big Sur (11.x)
Enable full disk access. For more information, see KB 66427.
macOS
Catalina (10.15)
Enable full disk access. For more information, see KB 66427.
macOS
Mojave (10.14)
Enable full disk access. For more information, see KB 66427.
macOS
High Sierra (10.13)
Linux
RHEL/CentOS 8.0 to 8.3
RHEL/CentOS 7.0 to 7.9
  • kernel-headers and kernel-devel are required. The version depends on the kernel installed. This is handled by the package manager during installation.
  • libelf (ELF library) is required. This is handled by the package manager during installation.
  • Firewalld must be enabled to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS and must be installed manually for
    Ubuntu
    and
    Amazon
    Linux
    .
Ubuntu
18.04
Ubuntu
16.04.03 to 16.04.06
SUSE Enterprise
Linux
12 SP2, SP3, SP4

Device hardware and software

Item
Requirements
CPU
In general use, as as low as 1% additional CPU.
For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload.
Memory
0.2 to 1.0 GB of additional memory, depending on the workload.
Disk space
  • Minimum 1 GB
  • For
    Optics
    agent 2.x and earlier, 1 GB minimum is required for the local database.
  • For
    Optics
    agent 3.0 and later, 1 GB minimum is recommended for caching
    Optics
    sensor data before the device can upload the data to the
    Optics
    cloud database when it is online.

Administration

Item
Requirements
Supported browsers for the management console
Latest version of:
  • Google Chrome
    (recommended)
  • Mozilla Firefox
  • Microsoft Edge
Administrator roles
  • Administrators have global permissions and can see all threats, devices, and zones.
  • Users and zone managers have access only to the zones that they are assigned to. This applies to devices assigned to the zone, threats found on those devices, and the associated information on the dashboard.
  • Read-only users cannot access
    Optics
    features in the management console.
  • If you want administrators to use a custom role to manage
    Optics
    , you must enable
    Optics
    page access for that role.
Virtual machines
If you use
Optics
on a virtual machine,
BlackBerry
recommends disabling the WMI enhance introspection sensor to reduce the number of recorded events.
Firewall
Port 443 (HTTPS) must be open for the
Protect
and
Optics
agents to communicate with the management console.
Proxy
  • The
    Optics
    agent is proxy aware and will query the .NET framework to identify and use the available proxy settings. The agent will try to communicate first as the Local System, then as the currently logged in user.
  • Alternatively, you can configure the device registry to specify proxy settings that will be used by both the
    Protect
    agent and the
    Optics
    agent for outbound communication to
    BlackBerry
    servers. The proxy must accept unauthorized requests. In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop and create String Value REG_SZ:
    • Value Name = ProxyServer
    • Value Data =
      <proxyIP:port>
      (for example, http://123.45.67.89:8080)
  • If you configure the
    Optics
    agent to use a proxy and the agent cannot communicate with the cloud services, the agent will attempt to bypass the proxy to make a direct connection. On
    Windows
    devices, you can disable this proxy bypass. Before you install the
    Optics
    agent on a device, in HKLM\SOFTWARE\Cylance\Optics\, create String Value REG_SZ:
    • Value Name = DisableProxyBypass
    • Value Data = True
  • To configure the
    Optics
    agent on a Linux machine to use a proxy, use the instructions from the
    Protect Desktop
    Installation Guide, Set an authenticated proxy server for Linux or Set an unauthenticated proxy server for Linux, with the following changes:
    • Replace all instances of "cylancesvc" with "cyoptics".
    • The
      Optics
      agent requires the https_proxy variable. Duplicate each http_proxy line and replace "http_proxy" with "https_proxy". In most cases https_proxy will use the same value as http_proxy because HTTPS traffic is tunneled using TCP Connect, but if your organization uses an HTTPS termination proxy server, specify the appropriate value for https_proxy.
Communication with OCSP server
When
Optics
creates a detection event that involves a signed file as an artifact, it uses a command from the
Windows
API to validate the signature or certificate. The command sends a validation request to an OCSP server. The OCSP server address is determined by
Windows
.
If your proxy server reports attempts to send external traffic to an OCSP server, update the proxy settings on devices to allow connections with the OCSP server.

Network

Optics
communicates over secure websockets (WSS) and must be able to establish this connection directly. Configure your organization's network to allow connections to the following domains.
The management console is hosted by AWS and does not have fixed IP addresses. You can allow HTTPS traffic to *.cylance.com. For the cylance-optics-files-use1.s3.amazonaws.com host (and similar hosts for other regions), it is recommended to allow that specific host. It is not recommended to allow *.amazonaws.com because it is not specific to the
Optics
host and can open your network to other hosts.
Region
Domains
Asia-Pacific Northwest
  • cement-apne1.cylance.com
  • cylance-optics-files-apne1.s3.amazonaws.com
  • opticspolicy-apne1.cylance.com
  • content-apne1.cylance.com
  • rrws-apne1.cylance.com
  • collector-apne1.cylance.com
Asia-Pacific Southeast
  • cement-apse2.cylance.com
  • cylance-optics-files-apse2.s3.amazonaws.com
  • opticspolicy-au.cylance.com
  • content-apse2.cylance.com
  • rrws-apse2.cylance.com
  • collector-apse2.cylance.com
Europe Central
  • cement-euc1.cylance.com
  • cylance-optics-files-euc1.s3.amazonaws.com
  • opticspolicy-euc1.cylance.com
  • content-euc1.cylance.com
  • rrws-euc1.cylance.com
  • collector-euc1.cylance.com
North America
  • cement.cylance.com
  • cylance-optics-files-use1.s3.amazonaws.com
  • opticspolicy.cylance.com
  • content.cylance.com
  • rrws-use1.cylance.com
  • collector.cylance.com
South America
  • cement-sae1.cylance.com
  • cylance-optics-files-sae1.s3.amazonaws.com
  • opticspolicy-sae1.cylance.com
  • content-sae1.cylance.com
  • rrws-sae1.cylance.com
  • collector-sae1.cylance.com