CylanceOPTICS release notes

What's new in CylanceOPTICS (September 2024)

Feature
Description
New agents for macOS and Linux
The following versions of the CylanceOPTICS agent are now available in the management console:
  • macOS: 3.3.2708.5000
  • Linux RHEL/CentOS 8: 3.3.2758-23000
  • Linux RHEL/CentOS 7: 3.3.2758-7000
  • Amazon Linux 2: 3.3.2758-15000
  • Linux SLES15: 3.3.2758-29000
  • Linux SLES12: 3.3.2758-21000
  • Ubuntu 22.04: 3.3.2758-51000
  • Ubuntu 20.04: 3.3.2758-25000
  • Ubuntu 18.04: 3.3.2758-17000
  • Debian 11: 3.3.2758-49000
  • Debian 10: 3.3.2758-47000
  • Oracle Linux Server 8 / UEK 8: 3.3.2758-37000
  • Oracle Linux Server 7 / UEK 7: 3.3.2758-35000
Support for macOS 15 (Sequoia)
This release of the CylanceOPTICS agent for macOS adds support for macOS 15 (Sequoia).

What's new in CylanceOPTICS (August 2024)

Feature
Description
New Windows agents
The following versions of the CylanceOPTICS agent for Windows are now available in the management console:
  • CylanceOPTICS agent for Windows 3.3.2779
  • CylanceOPTICS agent for Windows 3.2.1327
These releases of the CylanceOPTICS agent address a security vulnerability that is present in the .msi file for previous agent versions. For more information, see KB 139918. If you update the CylanceOPTICS agent to a version listed above using the standard update process available in the Cylance console, note that the .msi file with the security vulnerability will still be present on CylanceOPTICS devices. To update the agent and address the vulnerability, you must do one of the following:
  • Remove the CylanceOPTICS agent from devices, then install the latest 3.2 or 3.3 version listed above.
  • Use the CylanceOPTICS Patch Tool (see KB 139918) to remove the CylanceOPTICS agent and all associated files from the device and complete a new install of the latest 3.2 or 3.3 agent listed above. If you use the Patch Tool, you do not need to manually remove and then install the agent, as the tool will complete these actions.
    BlackBerry recommends this update method as the Patch Tool has been built and tested with all the necessary security precautions and will work with any configuration of the CylancePROTECT Desktop agent.

What's new in CylanceOPTICS (June 2024)

Feature
Description
New agents for macOS and Linux
  • macOS: 3.3.2570.5000
  • Linux RHEL/CentOS 8: 3.3.2570-23000
  • Linux RHEL/CentOS 7: 3.3.2570-7000
  • Amazon Linux 2: 3.3.2570-15000
  • Linux SLES15: 3.3.2570-29000
  • Linux SLES12: 3.3.2570-21000
  • Ubuntu 22.04: 3.3.2570-51000
  • Ubuntu 20.04: 3.3.2570-25000
  • Ubuntu 18.04: 3.3.2570-17000
  • Debian 11: 3.3.2570-49000
  • Debian 10: 3.3.2570-47000
  • Oracle Linux Server 8 / UEK 8: 3.3.2570-37000
  • Oracle Linux Server 7 / UEK 7: 3.3.2570-35000
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix.
Changes to OS support
This release adds support for the following operating systems:
  • macOS 14 (Sonoma)
  • Ubuntu 22.04
  • Oracle Linux Server UEK 7
Data collection enhancements for Linux
This release of the CylanceOPTICS agent adds support for Network Connect events and DNS Request and Response events for Linux operating systems.
For more information, see Data structures that CylanceOPTICS uses to identify threats in the Cylance Endpoint Security Setup content.
Protection features for the CylanceOPTICS agent for macOS
The following security features that previously were applicable only to the CylancePROTECT Desktop agent are now extended to the CylanceOPTICS agent 3.3 and later for macOS:
  • Device policy > Protection Settings > Prevent service shutdown from device: When enabled, device users cannot stop the CylanceOPTICS agent service on the device.
  • Settings > Application > Require Password to Uninstall Agent: When enabled, users must specify a password that you define in the management console to uninstall the CylanceOPTICS agent.
These features require the CylancePROTECT Desktop agent version 3.1 or later.
New Windows agents
The following versions of the CylanceOPTICS agent for Windows are now available in the management console. These versions include the latest stability enhancements:
  • CylanceOPTICS agent for Windows 3.3.2640
  • CylanceOPTICS agent for Windows 3.2.1322
Recommendation to disable the optional Cryptojacking Detection sensor
BlackBerry recommends disabling the optional Cryptojacking Detection sensor, as we are currently investigating stability issues that this sensor can cause with the device OS.

What's new in CylanceOPTICS (January 2024)

Feature
Description
CylanceOPTICS agent versions
This release includes the new CylanceOPTICS agent for Windows version 3.3.2311.0.
For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix.
Enhancements to the logic and methods that CylanceOPTICS uses to identify security threats
CylanceOPTICS 3.3 features significant enhancements to the underlying logic and methods that the CylanceOPTICS cloud services and the CylanceOPTICS agent use to identify security threats. These changes include:
  • Improvements to how the CylanceOPTICS agent collects context-relevant event data for a given detection.
  • Improved collection and identification of the processes and events that precede a given detection, and of the noteworthy processes and events that follow a given detection. This provides a more detailed and accurate picture of the factors that may have resulted in the detection and of the aftermath of that detection.
  • Improved data collection methodologies controlled by the CylanceOPTICS cloud services, enabling CylanceOPTICS to stay ahead of a threat landscape that is always evolving. These changes ensure that the agent can collect the most valuable telemetry while also tuning out data that is not relevant.
New sensors
This release of the CylanceOPTICS agent adds three new optional sensors for Windows devices:
  • COM Object Visibility: Allows the CylanceOPTICS agent to monitor COM objects.
  • HTTP Visibility: Allows the CylanceOPTICS agent to track Windows HTTP transactions.
  • Module Load Visibility: Allows the CylanceOPTICS agent to monitor module loads.
These sensors require the CylancePROTECT Desktop agent version 3.2 or later.
For more information, see CylanceOPTICS optional sensors in the Cylance Endpoint Security Setup content.
Data enrichment for Windows events
Previously, the CylanceOPTICS agent collected the Provider Name, Class, and Event ID facets for Windows Event artifacts. This release adds significant data collection enhancements for Windows Events, with the agent collecting the data defined in the EventData facet of the artifact (for example, this can include ObjectServer, PrivilegeList, Process ID, Process Name, Service, or other facets).
For more information, see Data structures that CylanceOPTICS uses to identify threats in the Cylance Endpoint Security Setup content.

What's new in CylanceOPTICS (August 2023)

Feature
Description
Enhancements to advanced query
This release introduces the following enhancements to the advanced query feature in the management console:
  • As you type the EQL syntax for a query, syntax options and validation messages will display to help you build your query.
  • You can now schedule the execution of an advanced query for a specific date and time, and you can schedule a query to run on a regular interval.
  • When you set the scope of your query to specific devices, an icon displays indicating whether each device is online.
  • New options to filter query results.
  • When you select a result and open the fly-out menu, you can view additional event data and filter the query results to show matches for one or more facets.
  • Various UI improvements make it easier for you to add a query, copy a query, and apply and clear zones, devices, and filters for queries.
  • You can now export the results of a query to a CSV file.
For more information, see Create an advanced query in the Cylance Endpoint Security Administration content.

Considerations when upgrading from CylanceOPTICS 2.5.x to 3.x

  • For configuration requirements for macOS Big Sur (11.x) or later, see the setup instructions in the Cylance Endpoint Security Setup Guide.
  • If you do not set up a complete MDM profile for the CylanceOPTICS network extension on devices with macOS Big Sur (11.x) or later, data collection might not occur as expected. Verify that you satisfy the configuration requirements for MDM managed devices in the Cylance Endpoint Security Setup Guide.
  • BlackBerry recommends installing the latest available version of the CylancePROTECT agent. For more information, see the CylanceOPTICS requirements.
  • On macOS devices, after you upgrade the CylanceOPTICS agent you need to restart the device.
  • If you upgrade the CylanceOPTICS agent on a CentOS/RHEL 8.0 or 8.1 device, you must restart the device after the upgrade is complete. (EDR-6750)
  • Upgrading the CylanceOPTICS agent on Linux from version 2.x to a newer version fails if Security-Enhanced Linux (SELinux) is enabled on the device. (EDR-6264)
    Workaround: Disable SELinux on the device before you upgrade the CylanceOPTICS agent and enable it again after the upgrade is complete.
  • When upgrading the CylanceOPTICS agent on Windows, to avoid an issue with the CylanceOPTICS shutdown time taking longer than usual, disable the TDT sensor in the device policy and enable it again after the upgrade is complete. This issue does not occur if you upgrade from CylanceOPTICS agent version 2.5.3010 or from CylanceOPTICS agent 3.0 to a later version. (EDR-6058)