Benefits of upgrading to CylancePROTECT Desktop for Windows 3.x Skip Navigation

Benefits of upgrading to
CylancePROTECT Desktop
for
Windows
3.x

CylancePROTECT Desktop version 3.x represents a significant leap forward for the product, introducing new features and usability enhancements to keep your organization’s data and devices secure.
Upgrading to
CylancePROTECT Desktop
for
Windows
3.x will give you access to the following features:
Feature
Description
OS compatibility
The
Windows
3.x agent adds support for
Windows
11.
Memory protection enhancements
  • New capabilities have been added to violation types, resulting in the generation of more events.
  • The “Injection via APC” violation type is available in the memory protection settings of a device policy. This option enables
    CylancePROTECT Desktop
    to detect a process that is injecting arbitrary code into the target process using an asynchronous procedure call (APC). For more information, see KB 92422.
  • The “Memory Permission Changes in Child Processes” violation type is available in the memory protection settings of a device policy. This option enables
    CylancePROTECT Desktop
    to detect when a violating process has created a child process and has modified memory access permissions in that child process.
  • Improved usability for memory protection controls.
  • Improved detection of LSASS read violations for
    Windows
    devices.
  • The size limit for memory protection exclusions has been increased from 64 KB to 2 MB, allowing you to add more exclusions.
Script control enhancements
  • You can select whether you want
    CylancePROTECT Desktop
    to alert on or block
    Python
    (2.7, 3.0 to 3.8) and .NET DLR scripts (for example, IronPython), and you can turn off script control for these script types.
  • Embedded VB scripts that caused script control events were blocked in agent version 2.1.1580; detection of embedded VB script control violations has been disabled in agent 3.0.1000 and later.
Macro detection enhancements
  • In device policies, the macro detection feature for
    Windows
    devices has been moved from the Script Control tab to the Memory Actions tab (Exploitation > Dangerous VBA Macro) for devices running
    Windows
    agent version 2.1.158x or later. The previous script control option for 2.1.1578 and earlier supports the Alert and Block actions; the new memory protection option supports the Ignore, Alert, Block, and Terminate actions.
  • You can now add exclusions for the Dangerous VBA Macro violation type in the memory protection settings of a device policy.
  • Files that cause Dangerous VBA Macro violations are displayed in the management console, allowing you to identify offending documents and determine if you need to add them to the exclusion list.
Device control enhancements
You can now allow read-only access to the following USB device types:
  • Still image
  • USB CD/DVD RW
  • USB drive
  • VMware USB passthrough
  • Windows portable device
Global safe list enhancements
Adding a SHA256 hash to the global safe list for scripts now masks any block events related to that hash from appearing in the management console.
Logging changes
Important log entries have been moved from the Debug log level to the Info log level.
For more information about additional features for the latest 3.x agents, as well as a comprehensive list of fixed issues, see the Cylance Endpoint Security Release Notes.
To benefit from these enhancements and the improvements coming in future versions of
CylancePROTECT Desktop
,
BlackBerry
strongly recommends upgrading all devices with the 2.x.158x agent or earlier to the latest version of agent 3.x. This guide covers considerations and additional instructions for a successful upgrade.