CylanceOPTICS fixed issues
Fixed issues in CylanceOPTICS 3.3
If you configured CylanceOPTICS for Windows to use a proxy server, after restarting a CylanceOPTICS device, the agent could not connect to Cylance cloud services as expected. As a result, certain features (including detections and InstaQuery) could not obtain data for the device. (EDR-21101) This issue is resolved in agent version 3.3.3120 and later.
On Windows 10 and Windows 2019 devices, the process handle count for the CylanceOPTICS agent version 3.3.x was sometimes higher than expected. (EDR-21073) This issue is resolved in agent version 3.3.3120 and later.
The CylanceOPTICS agent for Windows version 3.3.x could sometimes use more system memory than expected. (EDR-20928) This issue is resolved in agent version 3.3.3120 and later.
If the CylanceOPTICS agent for Windows was used on a domain controller device with a very high number of user accounts, the agent used more memory than expected. (EDR-20813) This issue is resolved in agent version 3.3.3120 and later.
Errors could occur when the CylanceOPTICS agent for macOS communicated with the CylancePROTECT Desktop agent on the XPC channel. This issue could occur on macOS 12 (Monterey) and later. (EDR-20258)
If the API Sensor was enabled in the device policy that was assigned to CylanceOPTICS 3.2.x devices with Windows Server 2016 and CylancePROTECT Desktop agent 3.0.1003 or later, some applications such as Chrome and PowerShell might have stopped working. (EDR-10871)
If you ran an advanced query and tried to generate focus data from the results, the focus description that was used to generate the data did not include the correct artifact information. (EDR-9414)
If a remote session was active when the CylanceOPTICS agent was installed on a macOS Big Sur (11.x) device, the session disconnected when the installation was complete. (EDR-7180)
When you viewed the results of an InstaQuery, the count for devices queried and devices responded might not have been accurate. This issue occurred intermittently. (EDR-6523)
Fixed issues in CylanceOPTICS 3.2
If you requested and viewed focus data from the device details page (Assets > Devices) before the event data was loaded to the management console, the resulting focus data did not include any results. (EDRRQ-240)
On Windows 7 devices, if you upgraded to CylanceOPTICS agent 3.1 or later, after you restarted the device, the agent did not start as expected. If the user right-clicked the CylancePROTECT icon and clicked System Check, the status of the CyOptics driver was "Not Found". (EDR-14132)
If you created a custom partial lockdown configuration that contained an allowed port value and you assigned it to a CylanceOPTICS device, the allowed port for partial lockdown was not removed when you assigned a different custom configuration. As a result, any ports that you allowed with any partial lockdown configuration remained allowed on the device, regardless of the new configurations that you assigned. (EDR-13243)
In the management console, if you retried a focus data request, the timestamp information was missing. (EDR-10987)
When you scoped an advanced query to specific devices (Search devices > By Device), the Device drop-down listed a maximum of 200 devices. (EDR-10446)
If you deployed a package to CylanceOPTICS devices, when you highlighted a device in the device selection list, you could not see the icon that indicated that the device was online. The color of the icon matched the color of the highlight. (EDR-10224)
When you deployed a package to CylanceOPTICS devices, the status column might have indicated that the job was completed even though the progress bar was not yet full. (EDR-8754)
If you uninstalled the CylanceOPTICS agent using an MDM profile, the network filter CyOpticsESFLoader remained in the system networking on the device. (EDR-7656)
When you viewed focus data and you clicked the path for a file event to create a pivot query, the Search Term field was not pre-populated. (EDR-6785)
On macOS devices, when CylanceOPTICS performed an action on an empty file (for example, a 0 KB .prn file), the event was not included in the datagram file. This is fixed for macOS devices with Big Sur (11.x) or later. (EDR-5545)
Fixed issues in CylanceOPTICS 3.1
If you checked the device details in Optics > Devices after you partially locked or remotely unlocked a device, the device status may not have updated as expected. (EDR-9646)
In some advanced query results, the option to globally quarantine a file was not available. (EDR-9534)
If you cloned an existing package deployment job with a status of created, expired, in progress, or stopped, the device information was not prepopulated in the new package deploy. (EDR-7927)
When you created a package deploy, if you added a device to the request then removed it and tried to add it again, the device did not display on the available devices list. (EDR-7847)
Locking down a macOS device did not close the VNC client on that device. (EDR-6971)
If you ran an InstaQuery for a PowerShellTrace artifact and a Payload or Script Blocked Text facet, the search term was case-sensitive. (EDR-6868)
When you created a pivot query from the focus data timeline view, if the artifact was registry key, the artifact and facet fields were not pre-populated. (EDR-6856)
When you viewed focus data in the table view for a registry key artifact, the name and path were not correct. If you created a pivot query, you did not get any results. (EDR-6855)
In a focus view, the link to clone a pivot query did not work. (EDR-6786)
On macOS Mojave and Catalina, downgrading the CylanceOPTICS agent might have resulted in the lockdown feature not working as expected. (EDR-5735)