CylanceOPTICS known issues
Due to a defect in
macOSVentura 13.0.0, if the
CylanceOPTICSagent is installed on a device with
macOS13.0.0 or a
CylanceOPTICSdevice is upgraded to
CylanceOPTICSagent may not be able to detect events. (EDR-14879)
Workaround:To prevent this issue from occurring, install the agent on
macOSVentura 13.0.1 or later or upgrade directly to
macOSVentura 13.0.1 or later instead of 13.0.0. If you upgrade from 13.0.0 to 13.0.1 or later, remove the agent and install it again. If installing on 13.0.1 or later or upgrading to 13.0.1 or later is not possible at this time, remove full disk access for CyOptics and CyOpticsESFLoader then add full disk access for both again and restart the device.
If the API Sensor is enabled in the device policy that is assigned to
CylanceOPTICS3.2.x devices with
Windows Server2016 and
CylancePROTECT Desktopagent 3.0.1003 or later, some applications such as
Chromeand Powershell may stop working. This issue is resolved in the next release of the
Workaround:Turn off the API Sensor in the device policy.
When you try to unlock a partially locked device from the management console, it may not unlock as expected. This issue occurs intermittently. (EDR-9690)
Workaround:Try to unlock the device again from the management console (Select Action > Unlock device), or use the unlock key.
If you run an advanced query and try to generate focus data from the results, the focus description that is used to generate the data does not include the correct artifact information. (EDR-9414)
If you downgrade from
CylanceOPTICSagent version 3.1 or later to version 3.0, the lockdown feature stops working. (EDR-9199)
Workaround:Uninstall agent version 3.0 and install it again.
If you try to download a large file from InstaQuery results by clicking the Request File Download button, the request might not complete as expected (the button does not change to "Download File"). (EDR-7702)
If a remote session is active when the
CylanceOPTICSagent is installed on a
macOSBig Sur (11.x) device, the session disconnects when the installation is complete. (EDR-7180)
Workaround:Start the remote session again.
When you view the detection details for an event and you request a file download for an instigating process or target file source, the status of the download changes back to "Request File Download" instead of "Download File". (EDR-7007)
The refract package for browser history that is available in the management console does not collect the expected data on
If you view the threats and activities for a device and you request data for an event, the focus view status remains at "Data Pending" indefinitely instead of updating to "View Data". (EDR-6779)
Workaround:View another tab and return to the device's threats and activities.
When you view the status of a package deploy job and you filter the results by name, the operator displays as "Equals" even though it works as "Contains", and the filter is case sensitive. (EDR-6689)
When you view the results of an InstaQuery, the count for devices queried and devices responded might not be accurate. This issue occurs intermittently. (EDR-6523)
Performance counters for
Linuxdo not include system counter data, such as CPU and memory. (EDR-5219)
If you use an ssh session to perform a silent uninstall of the
CylanceOPTICSagent on a
macOSBig Sur (11.x) device, /Applications/Cylance/ Optics/CyOpticsESFLoader.app remains and the system extension is still active. This issue occurs because
Applehas no mechanism to silently uninstall system extensions without explicit confirmation by the end user. To resolve, use the finder to locate CyOpticsESFLoader.app and drag it to the trashcan, then confirm the UI prompt to deactivate and remove the system extension. For more information, see Troubleshooting: Removing the CylanceOPTICS agent from a macOS device.