CylanceOPTICS fixed issues
CylanceOPTICS
fixed issuesFixed issues in CylanceOPTICS 3.2
CylanceOPTICS
3.2If you requested and viewed focus data from the device details page (Assets > Devices) before the event data was loaded to the management console, the resulting focus data did not include any results. (EDRRQ-240) |
On Windows 7 devices, if you upgraded to CylanceOPTICS agent 3.1 or later, after you restarted the device the agent did not start as expected. If the user right-clicked the CylancePROTECT icon and clicked System Check, the status of the CyOptics driver was "Not Found". (EDR-14132)
|
If you created a custom partial lockdown configuration that contained an allowed port value and you assigned it to a CylanceOPTICS device, the allowed port for partial lockdown was not removed when you assigned a different custom configuration. As a result, any ports that you allowed with any partial lockdown configuration remained allowed on the device, regardless of the new configurations that you assigned. (EDR-13243) |
In the management console, if you retry a focus data request, the timestamp information is missing. (EDR-10987) |
When you scoped an advanced query to specific devices (Search devices > By Device), the Device drop-down listed a maximum of 200 devices. (EDR-10446) |
If you deployed a package to CylanceOPTICS devices, when you highlighted a device in the device selection list, you could not see the icon that indicated that the device was online. The color of the icon matched the color of the highlight. (EDR-10224) |
When you deployed a package to CylanceOPTICS devices, the status column might have indicated that the job was completed even though the progress bar was not yet full. (EDR-8754) |
If you uninstalled the CylanceOPTICS agent using an MDM profile, the network filter CyOpticsESFLoader remained in the system networking on the device. (EDR-7656) |
When you viewed focus data and you clicked the path for a file event to create a pivot query, the Search Term field was not pre-populated. (EDR-6785) |
On macOS devices, when CylanceOPTICS performed an action on an empty file (for example, a 0 KB .prn file), the event was not included in the datagram file. This is fixed for macOS devices with Big Sur (11.x) or later. (EDR-5545) |
Fixed issues in CylanceOPTICS 3.1
CylanceOPTICS
3.1If you checked the device details in Optics > Devices after you partially locked or remotely unlocked a device, the device status may not have updated as expected. (EDR-9646) |
In some advanced query results, the option to globally quarantine a file was not available. (EDR-9534) |
If you cloned an existing package deployment job with a status of created, expired, in progress, or stopped, the device information was not prepopulated in the new package deploy. (EDR-7927) |
When you created a package deploy, if you added a device to the request then removed it and tried to add it again, the device did not display on the available devices list. (EDR-7847) |
Locking down a macOS device did not close the VNC client on that device. (EDR-6971) |
If you ran an InstaQuery for a PowerShellTrace artifact and a Payload or Script Blocked Text facet, the search term was case-sensitive. (EDR-6868) |
When you created a pivot query from the focus data timeline view, if the artifact was registry key, the artifact and facet fields were not pre-populated. (EDR-6856) |
When you viewed focus data in the table view for a registry key artifact, the name and path were not correct. If you created a pivot query, you did not get any results. (EDR-6855) |
In a focus view, the link to clone a pivot query did not work. (EDR-6786) |
On macOS Mojave and Catalina, downgrading the CylanceOPTICS agent might have resulted in the lockdown feature not working as expected. (EDR-5735) |