CylanceOPTICS fixed issues Skip Navigation

CylanceOPTICS
fixed issues

Fixed issues in
CylanceOPTICS
3.2

If you requested and viewed focus data from the device details page (Assets > Devices) before the event data was loaded to the management console, the resulting focus data did not include any results. (EDRRQ-240)
On
Windows 7
devices, if you upgraded to
CylanceOPTICS
agent 3.1 or later, after you restarted the device the agent did not start as expected. If the user right-clicked the
CylancePROTECT
icon and clicked System Check, the status of the CyOptics driver was "Not Found". (EDR-14132)
If you created a custom partial lockdown configuration that contained a whitelisted port value and you assigned it to a
CylanceOPTICS
device, the whitelisted port for partial lockdown was not removed when you assigned a different custom configuration. As a result, any ports that you whitelisted with any partial lockdown configuration remained whitelisted on the device, regardless of the new configurations that you assigned. (EDR-13243)
In the management console, if you retry a focus data request, the timestamp information is missing. (EDR-10987)
When you scoped an advanced query to specific devices (Search devices > By Device), the Device drop-down listed a maximum of 200 devices. (EDR-10446)
If you deployed a package to
CylanceOPTICS
devices, when you highlighted a device in the device selection list, you could not see the icon that indicated that the device was online. The color of the icon matched the color of the highlight. (EDR-10224)
When you deployed a package to
CylanceOPTICS
devices, the status column might have indicated that the job was completed even though the progress bar was not yet full. (EDR-8754)
If you uninstalled the
CylanceOPTICS
agent using an MDM profile, the network filter CyOpticsESFLoader remained in the system networking on the device. (EDR-7656)
When you viewed focus data and you clicked the path for a file event to create a pivot query, the Search Term field was not pre-populated. (EDR-6785)
On
macOS
devices, when
CylanceOPTICS
performed an action on an empty file (for example, a 0 KB .prn file), the event was not included in the datagram file. This is fixed for
macOS
devices with Big Sur (11.x) or later. (EDR-5545)

Fixed issues in
CylanceOPTICS
3.1

If you checked the device details in Optics > Devices after you partially locked or remotely unlocked a device, the device status may not have updated as expected. (EDR-9646)
In some advanced query results, the option to globally quarantine a file was not available. (EDR-9534)
If you cloned an existing package deployment job with a status of created, expired, in progress, or stopped, the device information was not prepopulated in the new package deploy. (EDR-7927)
When you created a package deploy, if you added a device to the request then removed it and tried to add it again, the device did not display on the available devices list. (EDR-7847)
Locking down a
macOS
device did not close the VNC client on that device. (EDR-6971)
If you ran an InstaQuery for a PowerShellTrace artifact and a Payload or Script Blocked Text facet, the search term was case-sensitive. (EDR-6868)
When you created a pivot query from the focus data timeline view, if the artifact was registry key, the artifact and facet fields were not pre-populated. (EDR-6856)
When you viewed focus data in the table view for a registry key artifact, the name and path were not correct. If you created a pivot query, you did not get any results. (EDR-6855)
In a focus view, the link to clone a pivot query did not work. (EDR-6786)
On
macOS
Mojave and Catalina, downgrading the
CylanceOPTICS
agent might have resulted in the lockdown feature not working as expected. (EDR-5735)