CylanceOPTICS release notes
CylanceOPTICS
release notesWhat's new in CylanceOPTICS (August 2023)
CylanceOPTICS
(August 2023)Feature | Description |
---|---|
Enhancements to advanced query | This release introduces the following enhancements to the advanced query feature in the management console:
For more information, see Create an advanced query in the Cylance Endpoint Security Administration content. |
What's new in CylanceOPTICS (April 2023)
CylanceOPTICS
(April 2023)Feature | Description |
---|---|
New audit log values for device lockdown configuration in syslog messages | The April update of the CylanceOPTICS cloud services adds new event name values to audit log messages that can be reported to SIEM solutions and syslog servers. The new Event Name fields are associated with the lockdown configuration feature:
For more information about audit log events, see the Cylance Syslog Guide. |
Lockdown configurations API | The Cylance User API now includes the lockdown configurations API. You can use this API to perform actions on partially locked devices, including:
For more information, see the Cylance User API Guide. |
What's new in CylanceOPTICS (December 2022)
CylanceOPTICS
(December 2022)Feature | Description |
---|---|
New OS support | This release adds support for the following operating systems:
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content. |
CylanceOPTICS agent versions |
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content. |
MSI installer | This release introduces a new MSI installer package that you can use to install the CylanceOPTICS agent version 3.2 on Windows devices.For more information about the OS commands supported by the MSI installer, see OS commands for the CylanceOPTICS agent in the Cylance Endpoint Security Setup content. |
What's new in CylanceOPTICS (October 2022)
CylanceOPTICS
(October 2022)Feature | Description |
---|---|
New OS support | This release adds support for the following operating systems:
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content. |
CylanceOPTICS agent versions |
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix. For more information about OS requirements, see CylanceOPTICS requirements in the Cylance Endpoint Security Setup content. |
Customized partial lockdown | CylanceOPTICS version 3.1 introduced the partial lockdown feature for Windows devices. This release introduces the ability to create custom partial lockdown configurations that allow you to specify additional communication channels that you want to allow during a partial lockdown.For more information, see Lock a device in the Cylance Endpoint Security Administration content. |
Additional CylanceOPTICS administrator permissions | The July 2022 update of CylanceOPTICS introduced new administrator permissions that you could assign to roles to control how administrators engage with CylanceOPTICS . This release introduces additional CylanceOPTICS permission groups and sub-permissions, offering a greater level of access control and customization.If you previously granted an administrator role a CylanceOPTICS permission that was introduced in the July 2022 update, that role will be granted any associated sub-permissions that are introduced in this update. It is a best practice to review the CylanceOPTICS permissions that are introduced in this update so that you can make any adjustments that are appropriate for your organization's environment.For more information, see Permissions for administrator roles in the Cylance Endpoint Security Setup content. |
Syslog messages for the API sensor | The late October update of the CylanceOPTICS cloud services will add a new event type that can be reported to SIEM solutions and syslog servers, OpticsCaeApiEvent. This event type is used for events that are detected by the CylanceOPTICS agent’s optional API sensor. For more information about the API sensor, see CylanceOPTICS sensors in the Cylance Endpoint Security Setup content.For more information this new event type, see the Cylance Syslog Guide. |
New audit log values for device lockdown syslog messages | The mid-October update of the CylanceOPTICS cloud services adds new event name values to audit log messages that can be reported to SIEM solutions and syslog servers. The new Event Name fields are associated with the lockdown feature:
For more information about audit log events, see the Cylance Syslog Guide. |
Considerations when upgrading from CylanceOPTICS 2.5.x to 3.x
CylanceOPTICS
2.5.x to 3.x- For configuration requirements formacOSBig Sur (11.x) or Monterey (12.x), see the setup instructions in the Cylance Endpoint Security Setup Guide.
- If you do not set up a complete MDM profile for theCylanceOPTICSnetwork extension on devices withmacOSBig Sur (11.x) or later, data collection might not occur as expected. Verify that you satisfy the configuration requirements for MDM managed devices in the Cylance Endpoint Security Setup Guide.
- BlackBerryrecommends installing the latest available version of theCylancePROTECTagent. For more information, see the CylanceOPTICS requirements.
- OnmacOSdevices, after you upgrade theCylanceOPTICSagent you need to restart the device.
- OnmacOSCatalina, Mojave, and High Sierra devices with the SelfProtection level set to LocalSystem, if you upgrade fromCylanceOPTICSagent version 2.5.x to 3.x, the upgrade might not complete successfully. (EDR-7705)Workaround:Change the self protection level to LocalAdmin, then update theCylanceOPTICSagent.
- If you upgrade theCylanceOPTICSagent on a CentOS/RHEL 8.0 or 8.1 device, you must restart the device after the upgrade is complete. (EDR-6750)
- Upgrading theCylanceOPTICSagent onLinuxfrom version 2.x to a newer version fails if Security-Enhanced Linux (SELinux) is enabled on the device. (EDR-6264)Workaround:Disable SELinux on the device before you upgrade theCylanceOPTICSagent and enable it again after the upgrade is complete.
- When upgrading theCylanceOPTICSagent onWindows, to avoid an issue with theCylanceOPTICSshutdown time taking longer than usual, disable the TDT sensor in the device policy and enable it again after the upgrade is complete. This issue does not occur if you upgrade fromCylanceOPTICSagent version 2.5.3010 or fromCylanceOPTICSagent 3.0 to a later version. (EDR-6058)