BlackBerry Optics requirements
Required updates or configuration
Windows10 (32-bit, 64-bit)
Windows8.1 (32-bit, 64-bit)
Windows7 SP1 (32-bit, 64-bit)
Windows Server2019 (64-bit)
Windows Server2016 (64-bit)
Windows Server2012 R2 (64-bit)
Windows Server2012 (64-bit)
Windows Server2008 R2 (64-bit)
macOSBig Sur (11.x)
macOSHigh Sierra (10.13)
RHEL/CentOS 8.0 to 8.3
RHEL/CentOS 7.0 to 7.9
Ubuntu16.04.03 to 16.04.06
Linux12 SP2, SP3, SP4
Device hardware and software
In general use, as as low as 1% additional CPU.
For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload.
0.2 to 1.0 GB of additional memory, depending on the workload.
Supported browsers for the management console
Latest version of:
If you use
Opticson a virtual machine,
BlackBerryrecommends disabling the WMI enhance introspection sensor to reduce the number of recorded events.
Port 443 (HTTPS) must be open for the
Opticsagents to communicate with the management console.
Communication with OCSP server
Opticscreates a detection event that involves a signed file as an artifact, it uses a command from the
WindowsAPI to validate the signature or certificate. The command sends a validation request to an OCSP server. The OCSP server address is determined by
If your proxy server reports attempts to send external traffic to an OCSP server, update the proxy settings on devices to allow connections with the OCSP server.
Opticscommunicates over secure websockets (WSS) and must be able to establish this connection directly. Configure your organization's network to allow connections to the following domains.
The management console is hosted by AWS and does not have fixed IP addresses. You can allow HTTPS traffic to *.cylance.com. For the cylance-optics-files-use1.s3.amazonaws.com host (and similar hosts for other regions), it is recommended to allow that specific host. It is not recommended to allow *.amazonaws.com because it is not specific to the
Opticshost and can open your network to other hosts.