Troubleshooting CylancePROTECT Desktop 3.x

Windows

Issue	Solution
The following error displays when you try to save a device policy after adding memory protection exclusions: “Could not save policy. Please try again”.	If the exclusion path includes a wildcard value that uses a single asterisk (), modify the wildcard to add an additional asterisk (*), then try to save the policy again. For more information, see KB 94518.
The CylancePROTECT Desktop 3.0.1000 agent creates a large number of temporary files in the Windows temporary file directories.	Upgrade to agent 3.0.1005 or later. For more information, see KB 94849.
An unexpected number of processes are blocked after upgrading to CylancePROTECT Desktop 3.x.	For guidance and best practices, see KB 85991.

Linux

Issue	Solution
“Operation not permitted” errors when you try to install CylancePROTECT drivers	One of the following errors (or a similar error) displays in the Linux terminal when you install the CylancePROTECT drivers: modprobe: ERROR: could not insert 'CyProtectDrvOpen': Operation not permitted modprobe: ERROR: could not insert 'CyProtectDrv': Operation not permitted Key was rejected by service This error typically occurs when you try to install Linux drivers on a device that has Secure Boot enabled. For more information, see KB 73487.
Virtualization issues	The CylancePROTECT Desktop agent for Linux uses the BIOS serial number and the unique ID generated by dbus (machine-id) to generate a device fingerprint. Issues may occur in some VM environments that use a gold image. Linux machines that are generated from the gold image may retain identical BIOS serial numbers and IDs generated by dbus. This can cause VMs to check into the same device on the console instead of registering as a unique device. When encountering this issue, it is recommended to check the BIOS serial numbers and machine-ids of the cloned machine to ensure that these values are unique for each machine. For more information, see KB 66123.

Issue

Solution

“Operation not permitted” errors when you try to install

CylancePROTECT

drivers

One of the following errors (or a similar error) displays in the

Linux

terminal when you install the

CylancePROTECT

drivers:

modprobe: ERROR: could not insert 'CyProtectDrvOpen': Operation not permitted
modprobe: ERROR: could not insert 'CyProtectDrv': Operation not permitted
Key was rejected by service

This error typically occurs when you try to install

Linux

drivers on a device that has Secure Boot enabled. For more information, see KB 73487.

Virtualization issues

The

CylancePROTECT Desktop

agent for

Linux

uses the BIOS serial number and the unique ID generated by dbus (machine-id) to generate a device fingerprint. Issues may occur in some VM environments that use a gold image.

Linux

machines that are generated from the gold image may retain identical BIOS serial numbers and IDs generated by dbus. This can cause VMs to check into the same device on the console instead of registering as a unique device.

When encountering this issue, it is recommended to check the BIOS serial numbers and machine-ids of the cloned machine to ensure that these values are unique for each machine. For more information, see KB 66123.

macOS

Issue	Solution
System Extension is blocked when the CylancePROTECT Desktop agent runs	After upgrading a CylancePROTECT Desktop device with macOS 11.15.0 to a later macOS version, the following error occurs: “System Extension Blocked. A Program tried to load new system(s) signed by "Cylance, Inc." That needs to be updated by the developer.” This issue occurs because System Extensions must be enabled for the CylancePROTECT Desktop agent. Users must navigate to System Preferences > Security & Privacy, then click Allow for the Cylance extension. Organizations that are using JAMF to deploy CylancePROTECT Desktop may need to allow users to approve system extensions from within the JAMF configuration, using the following settings: Enable “Allow users to approve system extensions” Under “Allowed Team IDs and System Extensions”: Display Name: Cylance Protect System Extension Types: Allowed System Extensions Team Identifier: 6ENJ69K633 Allowed system extensions: com.cylance.CylanceEndpointSecurity.extension

Issue

Solution

System Extension is blocked when the

CylancePROTECT Desktop

agent runs

After upgrading a

CylancePROTECT Desktop

device with

macOS

11.15.0 to a later

macOS

version, the following error occurs: “System Extension Blocked. A Program tried to load new system(s) signed by "Cylance, Inc." That needs to be updated by the developer.”

This issue occurs because System Extensions must be enabled for the

CylancePROTECT Desktop

agent. Users must navigate to System Preferences > Security & Privacy, then click Allow for the Cylance extension.

Organizations that are using JAMF to deploy

CylancePROTECT Desktop

may need to allow users to approve system extensions from within the JAMF configuration, using the following settings:

Enable “Allow users to approve system extensions”

Under “Allowed Team IDs and System Extensions”:

Display Name: Cylance Protect

System Extension Types: Allowed System Extensions

Team Identifier: 6ENJ69K633

Allowed system extensions: com.cylance.CylanceEndpointSecurity.extension