Cylance Endpoint Security service updates
Management console and platform services
- Management console and platform services fixed issues
- Management console and platform services known issues
CylancePROTECT Desktop release notes
CylanceOPTICS release notes
- CylanceOPTICS fixed issues
- CylanceOPTICS known issues
CylancePROTECT Mobile release notes
- CylancePROTECT Mobile fixed issues
- CylancePROTECT Mobile known issues
CylanceGATEWAY release notes
- CylanceGATEWAY fixed issues
- CylanceGATEWAY known issues
CylanceAVERT release notes
- CylanceAVERT fixed issues
- CylanceAVERT known issues

CylanceOPTICS
release notes

What's new in
CylanceOPTICS
(December 2024)

Feature	Description
New Windows agent	The CylanceOPTICS agent for Windows version 3.3.3120 is now available in the management console. For more information about the fixes in this release, see CylanceOPTICS fixed issues.

What's new in
CylanceOPTICS
(September 2024)

Feature	Description
New agents for macOS and Linux	The following versions of the CylanceOPTICS agent are now available in the management console: macOS : 3.3.2708.5000 Linux RHEL/CentOS 8: 3.3.2758-23000 Linux RHEL/CentOS 7: 3.3.2758-7000 Amazon Linux 2: 3.3.2758-15000 Linux SLES15: 3.3.2758-29000 Linux SLES12: 3.3.2758-21000 Ubuntu 22.04: 3.3.2758-51000 Ubuntu 20.04: 3.3.2758-25000 Ubuntu 18.04: 3.3.2758-17000 Debian 11: 3.3.2758-49000 Debian 10: 3.3.2758-47000 Oracle Linux Server 8 / UEK 8: 3.3.2758-37000 Oracle Linux Server 7 / UEK 7: 3.3.2758-35000
Support for macOS 15 (Sequoia)	This release of the CylanceOPTICS agent for macOS adds support for macOS 15 (Sequoia).

Feature

Description

New agents for

macOS

and

Linux

The following versions of the

CylanceOPTICS

agent are now available in the management console:

macOS

: 3.3.2708.5000

Linux

RHEL/CentOS 8: 3.3.2758-23000

Linux

RHEL/CentOS 7: 3.3.2758-7000

Amazon

Linux

2: 3.3.2758-15000

Linux

SLES15: 3.3.2758-29000

Linux

SLES12: 3.3.2758-21000

Ubuntu

22.04: 3.3.2758-51000

Ubuntu

20.04: 3.3.2758-25000

Ubuntu

18.04: 3.3.2758-17000

Debian

11: 3.3.2758-49000

Debian

10: 3.3.2758-47000

Oracle

Linux

Server 8 / UEK 8: 3.3.2758-37000

Oracle

Linux

Server 7 / UEK 7: 3.3.2758-35000

Support for

macOS

15 (Sequoia)

This release of the

CylanceOPTICS

agent for

macOS

adds support for

macOS

15 (Sequoia).

What's new in
CylanceOPTICS
(August 2024)

Feature	Description
New Windows agents	The following versions of the CylanceOPTICS agent for Windows are now available in the management console: CylanceOPTICS agent for Windows 3.3.2779 CylanceOPTICS agent for Windows 3.2.1327 These releases of the CylanceOPTICS agent address a security vulnerability that is present in the .msi file for previous agent versions. For more information, see KB 139918. If you update the CylanceOPTICS agent to a version listed above using the standard update process available in the Cylance console, note that the .msi file with the security vulnerability will still be present on CylanceOPTICS devices. To update the agent and address the vulnerability, you must do one of the following: Remove the CylanceOPTICS agent from devices, then install the latest 3.2 or 3.3 version listed above. Use the CylanceOPTICS Patch Tool (see KB 139918) to remove the CylanceOPTICS agent and all associated files from the device and complete a new install of the latest 3.2 or 3.3 agent listed above. If you use the Patch Tool you to not need to manually remove and then install the agent, as the tool will complete these actions. BlackBerry recommends this update method as the Patch Tool has been built and tested with all the necessary security precautions and will work with any configuration of the CylancePROTECT Desktop agent.

Feature

Description

New

Windows

agents

The following versions of the

CylanceOPTICS

agent for

Windows

are now available in the management console:

CylanceOPTICS

agent for

Windows

3.3.2779

CylanceOPTICS

agent for

Windows

3.2.1327

These releases of the

CylanceOPTICS

agent address a security vulnerability that is present in the .msi file for previous agent versions. For more information, see KB 139918. If you update the

CylanceOPTICS

agent to a version listed above using the standard update process available in the Cylance console, note that the .msi file with the security vulnerability will still be present on

CylanceOPTICS

devices. To update the agent and address the vulnerability, you must do one of the following:

Remove the

CylanceOPTICS

agent from devices, then install the latest 3.2 or 3.3 version listed above.

Use the

CylanceOPTICS

Patch Tool (see KB 139918) to remove the

CylanceOPTICS

agent and all associated files from the device and complete a new install of the latest 3.2 or 3.3 agent listed above. If you use the Patch Tool you to not need to manually remove and then install the agent, as the tool will complete these actions.

BlackBerry

recommends this update method as the Patch Tool has been built and tested with all the necessary security precautions and will work with any configuration of the

CylancePROTECT Desktop

agent.

What's new in
CylanceOPTICS
(June 2024)

Feature	Description
New agents for macOS and Linux	macOS : 3.3.2570.5000 Linux RHEL/CentOS 8: 3.3.2570-23000 Linux RHEL/CentOS 7: 3.3.2570-7000 Amazon Linux 2: 3.3.2570-15000 Linux SLES15: 3.3.2570-29000 Linux SLES12: 3.3.2570-21000 Ubuntu 22.04: 3.3.2570-51000 Ubuntu 20.04: 3.3.2570-25000 Ubuntu 18.04: 3.3.2570-17000 Debian 11: 3.3.2570-49000 Debian 10: 3.3.2570-47000 Oracle Linux Server 8 / UEK 8: 3.3.2570-37000 Oracle Linux Server 7 / UEK 7: 3.3.2570-35000 For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix.
Changes to OS support	This release adds support for the following operating systems: macOS 14 (Sonoma) Ubuntu 22.04 Oracle Linux Server UEK 7
Data collection enhancements for Linux	This release of the CylanceOPTICS agent adds support for Network Connect events and DNS Request and Response events for Linux operating systems. For more information, see Data structures that CylanceOPTICS uses to identify threats in the Cylance Endpoint Security Setup content.
Protection features for the CylanceOPTICS agent for macOS	The following security features that previously were applicable only to the CylancePROTECT Desktop agent are now extended to the CylanceOPTICS agent 3.3 and later for macOS : Device policy > Protection Settings > Prevent service shutdown from device: When enabled, device users cannot stop the CylanceOPTICS agent service on the device. Settings > Application > Require Password to Uninstall Agent: When enabled, users must specify a password that you define in the management console to uninstall the CylanceOPTICS agent. These features require the CylancePROTECT Desktop agent version 3.1 or later.
New Windows agents	The following versions of the CylanceOPTICS agent for Windows are now available in the management console. These versions include the latest stability enhancements: CylanceOPTICS agent for Windows 3.3.2640 CylanceOPTICS agent for Windows 3.2.1322
Recommendation to disable the optional Cryptojacking Detection sensor	BlackBerry recommends disabling the optional Cryptojacking Detection sensor, as we are currently investigating stability issues that this sensor can cause with the device OS.

What's new in
CylanceOPTICS
(January 2024)

Feature	Description
CylanceOPTICS agent versions	This release includes the new CylanceOPTICS agent for Windows version 3.3.2311.0. For more information about supported operating systems, see the Cylance Endpoint Security compatibility matrix.
Enhancements to the logic and methods that CylanceOPTICS uses to identify security threats	CylanceOPTICS 3.3 features significant enhancements to the underlying logic and methods that the CylanceOPTICS cloud services and the CylanceOPTICS agent use to identify security threats. These changes include: Improvements to how the CylanceOPTICS agent collects context-relevant event data for a given detection. Improved collection and identification of the processes and events that precede a given detection, and of the noteworthy processes and events that follow a given detection. This provides a more detailed and accurate picture of the factors that may have resulted in the detection and of the aftermath of that detection. Improved data collection methodologies controlled by the CylanceOPTICS cloud services, enabling CylanceOPTICS to stay ahead of a threat landscape that is always evolving. These changes ensure that the agent can collect the most valuable telemetry while also tuning out data that is not relevant.
New sensors	This release of the CylanceOPTICS agent adds three new optional sensors for Windows devices: COM Object Visibility: Allows the CylanceOPTICS agent to monitor COM objects. HTTP Visibility: Allows the CylanceOPTICS agent to track Windows HTTP transactions. Module Load Visibility: Allows the CylanceOPTICS agent to monitor module loads. These sensors require the CylancePROTECT Desktop agent version 3.2 or later. For more information, see CylanceOPTICS optional sensors in the Cylance Endpoint Security Setup content.
Data enrichment for Windows events	Previously, the CylanceOPTICS agent collected the Provider Name, Class, and Event ID facets for Windows Event artifacts. This release adds significant data collection enhancements for Windows Events, with the agent collecting the data defined in the EventData facet of the artifact (for example, this can include ObjectServer, PrivilegeList, Process ID, Process Name, Service, or other facets). For more information, see Data structures that CylanceOPTICS uses to identify threats in the Cylance Endpoint Security Setup content.

What's new in
CylanceOPTICS
(August 2023)

Feature	Description
Enhancements to advanced query	This release introduces the following enhancements to the advanced query feature in the management console: As you type the EQL syntax for a query, syntax options and validation messages will display to help you build your query. You can now schedule the execution of an advanced query for a specific date and time, and you can schedule a query to run on a regular interval. When you set the scope of your query to specific devices, an icon displays indicating whether each device is online. New options to filter query results. When you select a result and open the fly-out menu, you can view additional event data and filter the query results to show matches for one or more facets. Various UI improvements make it easier for you to add a query, copy a query, and apply and clear zones, devices, and filters for queries. You can now export the results of a query to a CSV file. For more information, see Create an advanced query in the Cylance Endpoint Security Administration content.

Feature

Description

Enhancements to advanced query

This release introduces the following enhancements to the advanced query feature in the management console:

As you type the EQL syntax for a query, syntax options and validation messages will display to help you build your query.

You can now schedule the execution of an advanced query for a specific date and time, and you can schedule a query to run on a regular interval.

When you set the scope of your query to specific devices, an icon displays indicating whether each device is online.

New options to filter query results.

When you select a result and open the fly-out menu, you can view additional event data and filter the query results to show matches for one or more facets.

Various UI improvements make it easier for you to add a query, copy a query, and apply and clear zones, devices, and filters for queries.

You can now export the results of a query to a CSV file.

For more information, see Create an advanced query in the

Cylance Endpoint Security

Administration content.

Considerations when upgrading from
CylanceOPTICS
2.5.x to 3.x

For configuration requirements for

macOS

Big Sur (11.x) or later, see the setup instructions in the Cylance Endpoint Security Setup Guide.

If you do not set up a complete MDM profile for the

CylanceOPTICS

network extension on devices with

macOS

Big Sur (11.x) or later, data collection might not occur as expected. Verify that you satisfy the configuration requirements for MDM managed devices in the Cylance Endpoint Security Setup Guide.

BlackBerry

recommends installing the latest available version of the

CylancePROTECT

agent. For more information, see the CylanceOPTICS requirements.

macOS

devices, after you upgrade the

CylanceOPTICS

agent you need to restart the device.

If you upgrade the

CylanceOPTICS

agent on a CentOS/RHEL 8.0 or 8.1 device, you must restart the device after the upgrade is complete. (EDR-6750)

Upgrading the

CylanceOPTICS

agent on

Linux

from version 2.x to a newer version fails if Security-Enhanced Linux (SELinux) is enabled on the device. (EDR-6264)

Workaround:
Disable SELinux on the device before you upgrade the

CylanceOPTICS

agent and enable it again after the upgrade is complete.

When upgrading the

CylanceOPTICS

agent on

Windows

, to avoid an issue with the

CylanceOPTICS

shutdown time taking longer than usual, disable the TDT sensor in the device policy and enable it again after the upgrade is complete. This issue does not occur if you upgrade from

CylanceOPTICS

agent version 2.5.3010 or from

CylanceOPTICS

agent 3.0 to a later version. (EDR-6058)

CylanceOPTICS fixed issues

CylanceOPTICS known issues

CylanceOPTICS release notes

What's new in CylanceOPTICS (December 2024)

What's new in CylanceOPTICS (September 2024)

What's new in CylanceOPTICS (August 2024)

What's new in CylanceOPTICS (June 2024)

What's new in CylanceOPTICS (January 2024)

What's new in CylanceOPTICS (August 2023)

Considerations when upgrading from CylanceOPTICS 2.5.x to 3.x

CylanceOPTICS
release notes

What's new in
CylanceOPTICS
(December 2024)

What's new in
CylanceOPTICS
(September 2024)

What's new in
CylanceOPTICS
(August 2024)

What's new in
CylanceOPTICS
(June 2024)

What's new in
CylanceOPTICS
(January 2024)

What's new in
CylanceOPTICS
(August 2023)

Considerations when upgrading from
CylanceOPTICS
2.5.x to 3.x