Skip Navigation

CylanceOPTICS
fixed issues

Fixed issues in
CylanceOPTICS
3.3

If you configured CylanceOPTICS for Windows to use a proxy server, after restarting a
CylanceOPTICS
device, the agent could not connect to
Cylance
cloud services as expected. As a result, certain features (including detections and Instaquery) could not obtain data for the device. (EDR-21101)
This issue is resolved in agent version 3.3.3120 and later.
On
Windows 10
and
Windows
2019 devices, the process handle count for the
CylanceOPTICS
agent version 3.3.x was sometimes higher than expected. (EDR-21073)
This issue is resolved in agent version 3.3.3120 and later.
The
CylanceOPTICS
agent for
Windows
version 3.3.x could sometimes use more system memory than expected. (EDR-20928)
This issue is resolved in agent version 3.3.3120 and later.
If the
CylanceOPTICS
agent for
Windows
was used on a domain controller device with a very high number of user accounts, the agent used more memory than expected. (EDR-20813)
This issue is resolved in agent version 3.3.3120 and later.
Errors could occur when the
CylanceOPTICS
agent for
macOS
communicated with the
CylancePROTECT Desktop
Desktop agent on the XPC channel. This issue could occur on macOS 12 (Monterey) and later. (EDR-20258)
If the API Sensor was enabled in the device policy that was assigned to
CylanceOPTICS
3.2.x devices with
Windows Server
2016 and
CylancePROTECT Desktop
agent 3.0.1003 or later, some applications such as
Chrome
and PowerShell might have stopped working. (EDR-10871)
If you ran an advanced query and tried to generate focus data from the results, the focus description that was used to generate the data did not include the correct artifact information. (EDR-9414)
If a remote session was active when the
CylanceOPTICS
agent was installed on a
macOS
Big Sur (11.x) device, the session disconnected when the installation was complete. (EDR-7180)
When you viewed the results of an InstaQuery, the count for devices queried and devices responded might not have been accurate. This issue occurred intermittently. (EDR-6523)

Fixed issues in
CylanceOPTICS
3.2

If you requested and viewed focus data from the device details page (Assets > Devices) before the event data was loaded to the management console, the resulting focus data did not include any results. (EDRRQ-240)
On
Windows 7
devices, if you upgraded to
CylanceOPTICS
agent 3.1 or later, after you restarted the device the agent did not start as expected. If the user right-clicked the
CylancePROTECT
icon and clicked System Check, the status of the CyOptics driver was "Not Found". (EDR-14132)
If you created a custom partial lockdown configuration that contained an allowed port value and you assigned it to a
CylanceOPTICS
device, the allowed port for partial lockdown was not removed when you assigned a different custom configuration. As a result, any ports that you allowed with any partial lockdown configuration remained allowed on the device, regardless of the new configurations that you assigned. (EDR-13243)
In the management console, if you retry a focus data request, the timestamp information is missing. (EDR-10987)
When you scoped an advanced query to specific devices (Search devices > By Device), the Device drop-down listed a maximum of 200 devices. (EDR-10446)
If you deployed a package to
CylanceOPTICS
devices, when you highlighted a device in the device selection list, you could not see the icon that indicated that the device was online. The color of the icon matched the color of the highlight. (EDR-10224)
When you deployed a package to
CylanceOPTICS
devices, the status column might have indicated that the job was completed even though the progress bar was not yet full. (EDR-8754)
If you uninstalled the
CylanceOPTICS
agent using an MDM profile, the network filter CyOpticsESFLoader remained in the system networking on the device. (EDR-7656)
When you viewed focus data and you clicked the path for a file event to create a pivot query, the Search Term field was not pre-populated. (EDR-6785)
On
macOS
devices, when
CylanceOPTICS
performed an action on an empty file (for example, a 0 KB .prn file), the event was not included in the datagram file. This is fixed for
macOS
devices with Big Sur (11.x) or later. (EDR-5545)

Fixed issues in
CylanceOPTICS
3.1

If you checked the device details in Optics > Devices after you partially locked or remotely unlocked a device, the device status may not have updated as expected. (EDR-9646)
In some advanced query results, the option to globally quarantine a file was not available. (EDR-9534)
If you cloned an existing package deployment job with a status of created, expired, in progress, or stopped, the device information was not prepopulated in the new package deploy. (EDR-7927)
When you created a package deploy, if you added a device to the request then removed it and tried to add it again, the device did not display on the available devices list. (EDR-7847)
Locking down a
macOS
device did not close the VNC client on that device. (EDR-6971)
If you ran an InstaQuery for a PowerShellTrace artifact and a Payload or Script Blocked Text facet, the search term was case-sensitive. (EDR-6868)
When you created a pivot query from the focus data timeline view, if the artifact was registry key, the artifact and facet fields were not pre-populated. (EDR-6856)
When you viewed focus data in the table view for a registry key artifact, the name and path were not correct. If you created a pivot query, you did not get any results. (EDR-6855)
In a focus view, the link to clone a pivot query did not work. (EDR-6786)
On
macOS
Mojave and Catalina, downgrading the
CylanceOPTICS
agent might have resulted in the lockdown feature not working as expected. (EDR-5735)