CylanceOPTICS release notes

What's new in CylanceOPTICS (August 2023)

Feature
Description
Enhancements to advanced query
This release introduces the following enhancements to the advanced query feature in the management console:
  • As you type the EQL syntax for a query, syntax options and validation messages will display to help you build your query.
  • You can now schedule the execution of an advanced query for a specific date and time, and you can schedule a query to run on a regular interval.
  • When you set the scope of your query to specific devices, an icon displays indicating whether each device is online.
  • New options to filter query results.
  • When you select a result and open the fly-out menu, you can view additional event data and filter the query results to show matches for one or more facets.
  • Various UI improvements make it easier for you to add a query, copy a query, and apply and clear zones, devices, and filters for queries.
  • You can now export the results of a query to a CSV file.
For more information, see Create an advanced query in the Cylance Endpoint Security Administration content.

What's new in CylanceOPTICS (April 2023)

Feature
Description
New audit log values for device lockdown configuration in syslog messages
The April update of the CylanceOPTICS cloud services adds new event name values to audit log messages that can be reported to SIEM solutions and syslog servers. The new Event Name fields are associated with the lockdown configuration feature:
  • LockdownConfigurationAdd
  • LockdownConfigurationEdit
  • LockdownConfigurationDelete
For more information about audit log events, see the Cylance Syslog Guide.
Lockdown configurations API
The Cylance User API now includes the lockdown configurations API. You can use this API to perform actions on partially locked devices, including:
  • Getting a list of custom partial lockdown profiles
  • Creating a custom partial lockdown profile
  • Updating a custom partial lockdown profile
  • Deleting a custom partial lockdown profile
For more information, see the Cylance User API Guide.

What's new in CylanceOPTICS (December 2022)

Feature
Description
New OS support
This release adds support for the following operating systems:
  • macOS Ventura (13.x)
  • SUSE Enterprise Linux 15 SP4
  • Oracle Linux Server 7 (non-UEK)
  • Debian 11
  • Debian 10
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content.
CylanceOPTICS agent versions
  • Windows: 3.2.1299.0
  • macOS: 3.2.1299.5000
  • Linux RHEL/CentOS 8: 3.2.1299-23000
  • Linux RHEL/CentOS 7: 3.2.1299-7000
  • Amazon Linux 2: 3.2.1299-15000
  • Linux SLES15: 3.2.1299-29000
  • Linux SLES12: 3.2.1299-21000
  • Ubuntu 20.04: 3.2.1299-25000
  • Ubuntu 18.04: 3.2.1299-17000
  • Oracle Linux Server 8 / UEK 8: 3.2.1299-37000
  • Oracle Linux Server 7: 3.2.1299-35000
  • Debian 11: 3.2.1299-49000
  • Debian 10: 3.2.1299-47000
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content.
MSI installer
This release introduces a new MSI installer package that you can use to install the CylanceOPTICS agent version 3.2 on Windows devices.
For more information about the OS commands supported by the MSI installer, see OS commands for the CylanceOPTICS agent in the Cylance Endpoint Security Setup content.

What's new in CylanceOPTICS (October 2022)

Feature
Description
New OS support
This release adds support for the following operating systems:
  • Windows 11 22H2
  • Windows 10 22H2
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content.
CylanceOPTICS agent versions
  • Windows: 3.2.1140.0
  • macOS: 3.2.1140.5000
  • Linux RHEL/CentOS 8: 3.2.1140-23000
  • Linux RHEL/CentOS 7: 3.2.1140-7000
  • Amazon Linux 2: 3.2.1140-15000
  • Linux SLES15: 3.2.1140-29000
  • Linux SLES12: 3.2.1140-21000
  • Ubuntu 20.04: 3.2.1140-25000
  • Ubuntu 18.04: 3.2.1140-17000
  • Oracle Linux Server 8 / UEK 8: 3.2.1140-37000
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content.
Customized partial lockdown
CylanceOPTICS version 3.1 introduced the partial lockdown feature for Windows devices. This release introduces the ability to create custom partial lockdown configurations that allow you to specify additional communication channels that you want to allow during a partial lockdown.
For more information, see Lock a device in the Cylance Endpoint Security Administration content.
Additional CylanceOPTICS administrator permissions
The July 2022 update of CylanceOPTICS introduced new administrator permissions that you could assign to roles to control how administrators engage with CylanceOPTICS. This release introduces additional CylanceOPTICS permission groups and sub-permissions, offering a greater level of access control and customization.
If you previously granted an administrator role a CylanceOPTICS permission that was introduced in the July 2022 update, that role will be granted any associated sub-permissions that are introduced in this update. It is a best practice to review the CylanceOPTICS permissions that are introduced in this update so that you can make any adjustments that are appropriate for your organization's environment.
For more information, see Permissions for administrator roles in the Cylance Endpoint Security Setup content.
Syslog messages for the API sensor
The late October update of the CylanceOPTICS cloud services will add a new event type that can be reported to SIEM solutions and syslog servers, OpticsCaeApiEvent. This event type is used for events that are detected by the CylanceOPTICS agent’s optional API sensor. For more information about the API sensor, see CylanceOPTICS sensors in the Cylance Endpoint Security Setup content.
For more information about this new event type, see the Cylance Syslog Guide.
New audit log values for device lockdown syslog messages
The mid-October update of the CylanceOPTICS cloud services adds new event name values to audit log messages that can be reported to SIEM solutions and syslog servers. The new Event Name fields are associated with the lockdown feature:
  • DeviceUnlock
  • DeviceChangeLockdownProfile
For more information about audit log events, see the Cylance Syslog Guide.

Considerations when upgrading from CylanceOPTICS 2.5.x to 3.x

  • For configuration requirements for macOS Big Sur (11.x) or Monterey (12.x), see the setup instructions in the Cylance Endpoint Security Setup Guide.
  • If you do not set up a complete MDM profile for the CylanceOPTICS network extension on devices with macOS Big Sur (11.x) or later, data collection might not occur as expected. Verify that you satisfy the configuration requirements for MDM managed devices in the Cylance Endpoint Security Setup Guide.
  • BlackBerry recommends installing the latest available version of the CylancePROTECT agent. For more information, see the CylanceOPTICS requirements.
  • On macOS devices, after you upgrade the CylanceOPTICS agent you need to restart the device.
  • On macOS Catalina, Mojave, and High Sierra devices with the SelfProtection level set to LocalSystem, if you upgrade from CylanceOPTICS agent version 2.5.x to 3.x, the upgrade might not complete successfully. (EDR-7705)
    Workaround: Change the self protection level to LocalAdmin, then update the CylanceOPTICS agent.
  • If you upgrade the CylanceOPTICS agent on a CentOS/RHEL 8.0 or 8.1 device, you must restart the device after the upgrade is complete. (EDR-6750)
  • Upgrading the CylanceOPTICS agent on Linux from version 2.x to a newer version fails if Security-Enhanced Linux (SELinux) is enabled on the device. (EDR-6264)
    Workaround: Disable SELinux on the device before you upgrade the CylanceOPTICS agent and enable it again after the upgrade is complete.
  • When upgrading the CylanceOPTICS agent on Windows, to avoid an issue with the CylanceOPTICS shutdown time taking longer than usual, disable the TDT sensor in the device policy and enable it again after the upgrade is complete. This issue does not occur if you upgrade from CylanceOPTICS agent version 2.5.3010 or from CylanceOPTICS agent 3.0 to a later version. (EDR-6058)