Skip Navigation

Lock a device

You can lock an infected or potentially infected device to stop command and control activity, the exfiltration of data, and the lateral movement of malware. You have the following lockdown options:
  • Full lockdown (all platforms): Disable the device's LAN and
    Wi-Fi
    network capabilities and prevent all communication between the device and the
    CylanceOPTICS
    cloud services. You can lock a device for up to 96 hours. You can use an unlock key to unlock the device before the end of the lockdown period.
  • Partial lockdown (
    CylanceOPTICS
    agent 3.1 or later for
    Windows
    only): Disable the device's LAN and
    Wi-Fi
    network capabilities and retain communication with the
    CylanceOPTICS
    cloud services, allowing
    CylanceOPTICS
    to continue to receive detections and sensor data. Partial lockdown persists indefinitely. You can unlock the device at any time using an unlock key or the remote unlock feature.
On
Linux
devices, firewalld must be enabled to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS, SUSE 15, and
Oracle
Linux
8, and must be installed manually for
Ubuntu
and
Amazon
Linux
2.
  1. In the management console, on the menu bar, click
    CylanceOPTICS > Devices
    .
  2. Click the device name.
  3. Do one of the following:
    Task
    Steps
    Fully lock a device (all platforms)
    1. In the
      Select Action
      drop-down list, click
      Lockdown
      .
    2. If it is a
      Windows
      device, in the drop-down list, click
      Full lockdown
      .
    3. Select a lockdown period.
    4. Click
      Confirm Lockdown
      .
    Partially lock a device (
    CylanceOPTICS
    agent 3.1 or later for
    Windows
    only)
    1. In the
      Select Action
      drop-down list, click
      Lockdown
      .
    2. Click
      Partial lockdown
      .
    3. Click
      Confirm Lockdown
      .
    To remotely unlock the device, click the device and in the
    Select Action
    drop-down list, click
    Unlock device
    . Confirm the remote unlock.
  4. If you want to manually unlock a fully or partially locked device, click
    Actions > Show Unlock Key
    . Copy the unique unlock key and run the following commands on the device:
    OS
    Commands
    Windows
    1. Navigate to the
      CylanceOPTICS
      executable folder (by default, C:\Program Files\Cylance\Optics).
    2. Run
      CyOptics.exe control --password
      <unlock_key>
      unlock -a
    macOS
    1. Run
      cd /Library/Application\ Support/Cylance/Optics/CyOptics.app/Contents/Resources
    2. Run
      sudo ../MacOS/CyOptics control --password
      <unlock_key>
      unlock -net
    Linux
    Run
    ./CyOptics control --password "password" unlock -net