Create a detection exception
To reduce false positives or duplicate events in your detection results, you can create exceptions for detection rules. When you create a detection exception, the specified processes will not be evaluated by the CylanceOPTICS detection engine. Use caution when you create detection exceptions, because they have the potential to reduce the overall security of devices.
If you create and enable a rule exception that uses only RegEx matches for conditions, it may cause higher than normal CPU usage on some systems with a consistently high number of events, due to the rule exception running on every event. If you encounter this issue, BlackBerry recommends disabling the rule exception that uses RegEx matches for conditions.
- In the management console, on the menu bar, click CylanceOPTICS > Configurations.
- On the Exceptions tab, click Create Exception.
- Type a name for the detection exception.
- In the Conditions section, configure exception conditions. Click Add Another Condition to configure additional exceptions. In a detection exception, an AND statement is applied to all conditions. All conditions must be met for the exception to be true. When you specify a value for a condition, it is treated as an ANY statement. When two or more values are added, if any of the values exist, the condition is true.
- Click Save.
On the menu bar, click CylanceOPTICS > Configurations, then click the Rule Sets tab. Edit a detection rule set and assign the detection exception to the desired rules. Click Confirm.
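The AND-across-conditions, ANY-across-values logic described above can be modeled offline to check how many events an exception would exclude before you enable it. This is an added example, not BlackBerry code: the field names, match types, and sample events are assumptions constructed for illustration and are not the console's identifiers.

```python
import re

# Hypothetical model: field names and match types are illustrative assumptions.
def condition_matches(cond, event):
    """ANY semantics: true if any one of the condition's values matches."""
    actual = event.get(cond["field"], "")
    if cond["match"] == "regex":
        return any(re.search(v, actual, re.IGNORECASE) for v in cond["values"])
    return any(actual.lower() == v.lower() for v in cond["values"])

def exception_applies(exception, event):
    """AND semantics: every condition must be true; no conditions means no match."""
    conds = exception["conditions"]
    return bool(conds) and all(condition_matches(c, event) for c in conds)

def regex_only(exception):
    """True when every condition is a RegEx match (the CPU-usage case noted above)."""
    conds = exception["conditions"]
    return bool(conds) and all(c["match"] == "regex" for c in conds)

def review(exception, events):
    """Return (events excluded from detection, regex-only flag) for review."""
    return [e for e in events if exception_applies(exception, e)], regex_only(exception)

# Constructed sample events (not real telemetry).
EVENTS = [
    {"process_name": "backup.exe", "process_path": "C:\\Program Files\\Backup\\backup.exe"},
    {"process_name": "backup.exe", "process_path": "C:\\Users\\Public\\backup.exe"},
    {"process_name": "sync.exe", "process_path": "C:\\Program Files\\Backup\\sync.exe"},
    {"process_name": "powershell.exe",
     "process_path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
]

# Narrow: name must be one of two values AND the path must be the install directory.
NARROW = {"conditions": [
    {"field": "process_name", "match": "equals", "values": ["backup.exe", "sync.exe"]},
    {"field": "process_path", "match": "regex", "values": [r"^C:\\Program Files\\Backup\\"]},
]}

# Broad: one regex-only condition; the second value alone matches every .exe.
BROAD = {"conditions": [
    {"field": "process_name", "match": "regex", "values": [r"backup", r"\.exe$"]},
]}

if __name__ == "__main__":
    for label, exc in (("narrow", NARROW), ("broad", BROAD)):
        excluded, flag = review(exc, EVENTS)
        print(f"{label}: excludes {len(excluded)}/{len(EVENTS)} events, regex_only={flag}")
```

Because values within a condition are ORed, each extra value widens the exception, while each extra condition narrows it.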