CylanceOPTICS known issues
Due to a defect in macOS Ventura 13.0.0, if the CylanceOPTICS agent is installed on a device with macOS 13.0.0 or a CylanceOPTICS device is upgraded to macOS 13.0.0, the CylanceOPTICS agent may not be able to detect events. (EDR-14879) Workaround: To prevent this issue from occurring, install the agent on macOS Ventura 13.0.1 or later or upgrade directly to macOS Ventura 13.0.1 or later instead of 13.0.0. If you upgrade from 13.0.0 to 13.0.1 or later, remove the agent and install it again. If installing on 13.0.1 or later or upgrading to 13.0.1 or later is not possible at this time, remove full disk access for CyOptics and CyOpticsESFLoader, then add full disk access for both again and restart the device.
If the API Sensor is enabled in the device policy that is assigned to CylanceOPTICS 3.2.x devices with Windows Server 2016 and CylancePROTECT Desktop agent 3.0.1003 or later, some applications such as Chrome and PowerShell may stop working. This issue is resolved in the next release of the CylanceOPTICS agent. (EDR-10871) Workaround: Turn off the API Sensor in the device policy.
When you try to unlock a partially locked device from the management console, it may not unlock as expected. This issue occurs intermittently. (EDR-9690) Workaround: Try to unlock the device again from the management console (Select Action > Unlock device), or use the unlock key.
If you run an advanced query and try to generate focus data from the results, the focus description that is used to generate the data does not include the correct artifact information. (EDR-9414)
If you downgrade from CylanceOPTICS agent version 3.1 or later to version 3.0, the lockdown feature stops working. (EDR-9199) Workaround: Uninstall agent version 3.0 and install it again.
If you try to download a large file from InstaQuery results by clicking the Request File Download button, the request might not complete as expected (the button does not change to "Download File"). (EDR-7702)
If a remote session is active when the CylanceOPTICS agent is installed on a macOS Big Sur (11.x) device, the session disconnects when the installation is complete. (EDR-7180) Workaround: Start the remote session again.
When you view the detection details for an event and you request a file download for an instigating process or target file source, the status of the download changes back to "Request File Download" instead of "Download File". (EDR-7007)
The refract package for browser history that is available in the management console does not collect the expected data on Linux devices. (EDR-6917)
If you view the threats and activities for a device and you request data for an event, the focus view status remains at "Data Pending" indefinitely instead of updating to "View Data". (EDR-6779) Workaround: View another tab and return to the device's threats and activities.
When you view the status of a package deploy job and you filter the results by name, the operator displays as "Equals" even though it works as "Contains", and the filter is case sensitive. (EDR-6689)
When you view the results of an InstaQuery, the count for devices queried and devices responded might not be accurate. This issue occurs intermittently. (EDR-6523)
Performance counters for macOS and Linux do not include system counter data, such as CPU and memory. (EDR-5219)
If you use an SSH session to perform a silent uninstall of the CylanceOPTICS agent on a macOS Big Sur (11.x) device, /Applications/Cylance/Optics/CyOpticsESFLoader.app remains and the system extension is still active. This issue occurs because Apple has no mechanism to silently uninstall system extensions without explicit confirmation by the end user. To resolve this issue, use the Finder to locate CyOpticsESFLoader.app and drag it to the Trash, then confirm the UI prompt to deactivate and remove the system extension. For more information, see Troubleshooting: Removing the CylanceOPTICS agent from a macOS device.